Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
VqBVE8dJEA.exe

Overview

General Information

Sample Name:VqBVE8dJEA.exe
Original Sample Name:297dc90d62648d3f034db5ebb2e583f7.exe
Analysis ID:1308691
MD5:297dc90d62648d3f034db5ebb2e583f7
SHA1:d9a23ea738c61cfd87b04d2ac1bc44eb1d27be2f
SHA256:bdd8f37906415bcb5b8b541376358b07517afea5cefd379b279f75155a4cdb1a
Tags:32exe
Infos:

Detection

Remcos
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Remcos RAT
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Maps a DLL or memory area into another process
Writes to foreign memory regions
Contain functionality to detect virtual machines
Found hidden mapped module (file has been removed from disk)
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
PE file contains executable resources (Code or Archives)
Creates a DirectInput object (often for capturing keystrokes)
Drops files with a non-matching file extension (content does not match file extension)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Searches for the Microsoft Outlook file path
Allocates memory with a write watch (potentially for evading sandboxes)
Drops PE files
Tries to load missing DLLs
PE / OLE file has an invalid certificate
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • VqBVE8dJEA.exe (PID: 6752 cmdline: C:\Users\user\Desktop\VqBVE8dJEA.exe MD5: 297DC90D62648D3F034DB5EBB2E583F7)
    • ManyCam.exe (PID: 6816 cmdline: C:\Users\user\AppData\Roaming\wininet\ManyCam.exe MD5: BA699791249C311883BAA8CE3432703B)
      • pcaui.exe (PID: 6824 cmdline: C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To function properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\wininet\ManyCam.exe MD5: 54CE7125F4149F2BA28ED251E51794E4)
      • cmd.exe (PID: 6852 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 6860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • explorer.exe (PID: 7124 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
  • ManyCam.exe (PID: 6404 cmdline: "C:\Users\user\AppData\Roaming\wininet\ManyCam.exe" MD5: BA699791249C311883BAA8CE3432703B)
    • pcaui.exe (PID: 6440 cmdline: C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To function properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\wininet\ManyCam.exe MD5: 54CE7125F4149F2BA28ED251E51794E4)
    • cmd.exe (PID: 6540 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • explorer.exe (PID: 2996 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Remcos, RemcosRATRemcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers.Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns.Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user.Remcos is developed by the cybersecurity company BreakingSecurity.
  • APT33
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos

Malware Configuration

Threatname: Remcos

{"Version": "3.5.1 Pro", "Host:Port:Password": "servicios.disenospublici.info:5507:1", "Assigned name": "NUEVOS 2023 SEPTIEMBRE 14", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\xduJoeSecurity_RemcosYara detected Remcos RATJoe Security
    C:\Users\user\AppData\Local\Temp\xduWindows_Trojan_Remcos_b296e965unknownunknown
    • 0x664ac:$a1: Remcos restarted by watchdog!
    • 0x66498:$a2: Mutex_RemWatchdog
    • 0x66964:$a3: %02i:%02i:%02i:%03i
    • 0x66ba5:$a4: * Remcos v
    C:\Users\user\AppData\Local\Temp\xduREMCOS_RAT_variantsunknownunknown
    • 0x61494:$str_a1: C:\Windows\System32\cmd.exe
    • 0x61410:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
    • 0x61410:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
    • 0x609f8:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
    • 0x61050:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
    • 0x605f4:$str_b2: Executing file:
    • 0x615d8:$str_b3: GetDirectListeningPort
    • 0x60e10:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
    • 0x61038:$str_b7: \update.vbs
    • 0x6061c:$str_b9: Downloaded file:
    • 0x60608:$str_b10: Downloading file:
    • 0x606ac:$str_b12: Failed to upload file:
    • 0x615a0:$str_b13: StartForward
    • 0x615c0:$str_b14: StopForward
    • 0x60fe0:$str_b15: fso.DeleteFile "
    • 0x60f74:$str_b16: On Error Resume Next
    • 0x61010:$str_b17: fso.DeleteFolder "
    • 0x6069c:$str_b18: Uploaded file:
    • 0x6065c:$str_b19: Unable to delete:
    • 0x60fa8:$str_b20: while fso.FileExists("
    • 0x60b31:$str_c0: [Firefox StoredLogins not found]
    C:\Users\user\AppData\Local\Temp\xduINDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewerdetects Windows exceutables potentially bypassing UAC using eventvwr.exeditekSHen
    • 0x60500:$s1: \Classes\mscfile\shell\open\command
    • 0x60560:$s1: \Classes\mscfile\shell\open\command
    • 0x60548:$s2: eventvwr.exe
    C:\Users\user\AppData\Local\Temp\hqwohppjianeJoeSecurity_RemcosYara detected Remcos RATJoe Security
      Click to see the 3 entries

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
        0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmpWindows_Trojan_Remcos_b296e965unknownunknown
        • 0x66574:$a1: Remcos restarted by watchdog!
        • 0x66560:$a2: Mutex_RemWatchdog
        • 0x66a2c:$a3: %02i:%02i:%02i:%03i
        • 0x66c6d:$a4: * Remcos v
        00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
          00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmpWindows_Trojan_Remcos_b296e965unknownunknown
          • 0x130ac:$a1: Remcos restarted by watchdog!
          • 0x13098:$a2: Mutex_RemWatchdog
          • 0x13564:$a3: %02i:%02i:%02i:%03i
          • 0x137a5:$a4: * Remcos v
          00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_RemcosYara detected Remcos RATJoe Security
            Click to see the 11 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            3.2.cmd.exe.36f00c8.6.raw.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
              3.2.cmd.exe.36f00c8.6.raw.unpackWindows_Trojan_Remcos_b296e965unknownunknown
              • 0x664ac:$a1: Remcos restarted by watchdog!
              • 0x66498:$a2: Mutex_RemWatchdog
              • 0x66964:$a3: %02i:%02i:%02i:%03i
              • 0x66ba5:$a4: * Remcos v
              3.2.cmd.exe.36f00c8.6.raw.unpackREMCOS_RAT_variantsunknownunknown
              • 0x61494:$str_a1: C:\Windows\System32\cmd.exe
              • 0x61410:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
              • 0x61410:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
              • 0x609f8:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
              • 0x61050:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
              • 0x605f4:$str_b2: Executing file:
              • 0x615d8:$str_b3: GetDirectListeningPort
              • 0x60e10:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
              • 0x61038:$str_b7: \update.vbs
              • 0x6061c:$str_b9: Downloaded file:
              • 0x60608:$str_b10: Downloading file:
              • 0x606ac:$str_b12: Failed to upload file:
              • 0x615a0:$str_b13: StartForward
              • 0x615c0:$str_b14: StopForward
              • 0x60fe0:$str_b15: fso.DeleteFile "
              • 0x60f74:$str_b16: On Error Resume Next
              • 0x61010:$str_b17: fso.DeleteFolder "
              • 0x6069c:$str_b18: Uploaded file:
              • 0x6065c:$str_b19: Unable to delete:
              • 0x60fa8:$str_b20: while fso.FileExists("
              • 0x60b31:$str_c0: [Firefox StoredLogins not found]
              3.2.cmd.exe.36f00c8.6.raw.unpackINDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewerdetects Windows exceutables potentially bypassing UAC using eventvwr.exeditekSHen
              • 0x60500:$s1: \Classes\mscfile\shell\open\command
              • 0x60560:$s1: \Classes\mscfile\shell\open\command
              • 0x60548:$s2: eventvwr.exe
              11.2.cmd.exe.5d200c8.7.unpackJoeSecurity_RemcosYara detected Remcos RATJoe Security
                Click to see the 11 entries

                Sigma Signatures

                No Sigma rule has matched

                Snort Signatures

                No Snort rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Found malware configuration
                Source: 11.2.cmd.exe.5d200c8.7.raw.unpackMalware Configuration Extractor: Remcos {"Version": "3.5.1 Pro", "Host:Port:Password": "servicios.disenospublici.info:5507:1", "Assigned name": "NUEVOS 2023 SEPTIEMBRE 14", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable"}
                Multi AV Scanner detection for submitted file
                Source: VqBVE8dJEA.exeVirustotal: Detection: 9%Perma Link
                Yara detected Remcos RAT
                Source: Yara matchFile source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.341504013.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 6852, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 7124, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 6540, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 2996, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPED
                Antivirus detection for URL or domain
                Source: servicios.disenospublici.infoAvira URL Cloud: Label: malware
                Multi AV Scanner detection for domain / URL
                Source: servicios.disenospublici.infoVirustotal: Detection: 13%Perma Link
                Antivirus detection for dropped file
                Source: C:\Users\user\AppData\Local\Temp\xduAvira: detection malicious, Label: BDS/Backdoor.Gen
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjianeAvira: detection malicious, Label: BDS/Backdoor.Gen
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjianeReversingLabs: Detection: 95%
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjianeVirustotal: Detection: 77%Perma Link
                Source: C:\Users\user\AppData\Local\Temp\xduReversingLabs: Detection: 95%
                Source: C:\Users\user\AppData\Local\Temp\xduVirustotal: Detection: 77%Perma Link
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Local\Temp\xduJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjianeJoe Sandbox ML: detected
                Source: cmd.exe, 00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: -----BEGIN PUBLIC KEY-----memstr_4aba14eb-a
                Source: VqBVE8dJEA.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
                Source: unknownHTTPS traffic detected: 104.18.6.142:443 -> 192.168.2.4:49710 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.6.94:443 -> 192.168.2.4:49711 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 146.75.28.193:443 -> 192.168.2.4:49712 version: TLS 1.2
                Source: VqBVE8dJEA.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: Binary string: F:\Development\pdfxchange\Editor\_build\Release.Win32\XCVault.pdb,- source: VqBVE8dJEA.exe
                Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb0 source: ManyCam.exe, 00000001.00000002.195885940.0000000010062000.00000002.00000001.01000000.00000006.sdmp, ManyCam.exe, 00000009.00000002.239044441.0000000010062000.00000002.00000001.01000000.00000006.sdmp, cximagecrt.dll.0.dr
                Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb source: ManyCam.exe, 00000001.00000002.195885940.0000000010062000.00000002.00000001.01000000.00000006.sdmp, ManyCam.exe, 00000009.00000002.239044441.0000000010062000.00000002.00000001.01000000.00000006.sdmp, cximagecrt.dll.0.dr
                Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8` source: ManyCam.exe, 00000001.00000002.195282409.0000000001D8D000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000009.00000002.238830119.0000000000D5D000.00000002.00000001.01000000.0000000B.sdmp, highgui099.dll.0.dr
                Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdb source: ManyCam.exe, 00000001.00000002.195228773.0000000001D01000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 00000009.00000002.238753795.0000000000CC1000.00000002.00000001.01000000.00000009.sdmp, cxcore099.dll.0.dr
                Source: Binary string: diaLocatePDB-> Looking for %s... %s%s.pdbFPOPDATAXDATAOMAPFROMOMAPTO$$$IP not set! source: ManyCam.exe, 00000001.00000002.195938679.000000006D511000.00000020.00000001.01000000.00000008.sdmp, ManyCam.exe, 00000009.00000002.239058853.000000006D511000.00000020.00000001.01000000.00000008.sdmp, dbghelp.dll.0.dr
                Source: Binary string: wntdll.pdbUGP source: ManyCam.exe, 00000001.00000002.195731485.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246211120.0000000005680000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246176022.0000000005354000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310173988.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310148781.00000000048CD000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238987805.0000000003ACE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277620151.000000000555E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277649555.0000000005880000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341659795.0000000005690000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341629480.0000000005370000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: ManyCam.exe, 00000001.00000002.195731485.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246211120.0000000005680000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246176022.0000000005354000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310173988.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310148781.00000000048CD000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238987805.0000000003ACE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277620151.000000000555E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277649555.0000000005880000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341659795.0000000005690000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341629480.0000000005370000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb source: ManyCam.exe, 00000001.00000002.195282409.0000000001D8D000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000009.00000002.238830119.0000000000D5D000.00000002.00000001.01000000.0000000B.sdmp, highgui099.dll.0.dr
                Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdbu source: ManyCam.exe, 00000001.00000002.195228773.0000000001D01000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 00000009.00000002.238753795.0000000000CC1000.00000002.00000001.01000000.00000009.sdmp, cxcore099.dll.0.dr
                Source: Binary string: c:\Program Files\OpenCV\bin\cv099.pdb source: ManyCam.exe, 00000001.00000002.195139991.0000000000C2F000.00000002.00000001.01000000.0000000A.sdmp, ManyCam.exe, 00000009.00000002.238720189.0000000000BDF000.00000002.00000001.01000000.0000000A.sdmp, cv099.dll.0.dr
                Source: Binary string: d:\branch_2.5\Bin\CrashRpt.pdb source: ManyCam.exe, 00000001.00000002.195431442.0000000002012000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 00000009.00000002.238956185.0000000002012000.00000002.00000001.01000000.00000007.sdmp, CrashRpt.dll.0.dr
                Source: Binary string: d:\branch_2.5\bin\ManyCam.pdb source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.dr
                Source: Binary string: F:\Development\pdfxchange\Editor\_build\Release.Win32\XCVault.pdb source: VqBVE8dJEA.exe
                Source: Binary string: dbghelp.pdb source: ManyCam.exe, 00000001.00000002.195938679.000000006D511000.00000020.00000001.01000000.00000008.sdmp, ManyCam.exe, 00000009.00000002.239058853.000000006D511000.00000020.00000001.01000000.00000008.sdmp, dbghelp.dll.0.dr
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,1_2_004164A0
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,9_2_004164A0
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior

                Networking

                barindex
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: servicios.disenospublici.info
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveHost: wwf.org
                Source: global trafficHTTP traffic detected: GET /?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm_content=wwf.org HTTP/1.1Connection: Keep-AliveHost: www.worldwildlife.org
                Source: global trafficHTTP traffic detected: GET /unqTcwu.png HTTP/1.1Connection: Keep-AliveHost: i.imgur.com
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
                Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmp, VqBVE8dJEA.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmp, VqBVE8dJEA.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                Source: VqBVE8dJEA.exeString found in binary or memory: http://crl.globalsign.com/gsextendcodesignsha2g3.crl0
                Source: VqBVE8dJEA.exeString found in binary or memory: http://crl.globalsign.com/root-r3.crl0b
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmp, VqBVE8dJEA.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmp, VqBVE8dJEA.exeString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmp, VqBVE8dJEA.exeString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmp, VqBVE8dJEA.exeString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                Source: ManyCam.exe, 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237650488.00000000005A4000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://download.manycam.com
                Source: ManyCam.exeString found in binary or memory: http://download.manycam.com/effects/%s/%s?v=%s
                Source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://download.manycam.com/effects/%s/%s?v=%sBackgroundsDynamicDynamic
                Source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://download.manycam.com/effects/%s/%s?v=%sManyCam
                Source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://download.manycam.comNew
                Source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://download.manycam.comVerdanaThis
                Source: ManyCam.exeString found in binary or memory: http://manycam.com/feedback/?version=%s
                Source: ManyCam.exe, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://manycam.com/help/effects
                Source: ManyCam.exeString found in binary or memory: http://manycam.com/upload_effect?filepath=
                Source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://manycam.com/upload_effect?filepath=ManyCam
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmp, VqBVE8dJEA.exeString found in binary or memory: http://ocsp.digicert.com0C
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0L
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmp, VqBVE8dJEA.exeString found in binary or memory: http://ocsp.digicert.com0O
                Source: VqBVE8dJEA.exeString found in binary or memory: http://ocsp2.globalsign.com/gsextendcodesignsha2g30U
                Source: VqBVE8dJEA.exeString found in binary or memory: http://ocsp2.globalsign.com/rootr306
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
                Source: VqBVE8dJEA.exeString found in binary or memory: http://secure.globalsign.com/cacert/gsextendcodesignsha2g3ocsp.crt0
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0a
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
                Source: VqBVE8dJEA.exeString found in binary or memory: http://www.digicert.com/CPS0
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
                Source: ManyCam.exe, 00000001.00000002.195510592.00000000037C6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.0000000003603000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.0000000004781000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001EBB000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.00000000037F8000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.0000000003877000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
                Source: ManyCam.exe, ManyCam.exe, 00000009.00000000.237650488.00000000005A4000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://www.manycam.com
                Source: ManyCam.exe, ManyCam.exe, 00000009.00000000.237650488.00000000005A4000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://www.manycam.com/codec
                Source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://www.manycam.com/codecVerdanaThis
                Source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://www.manycam.com/codecVerdanaTo
                Source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://www.manycam.com/help/effects/snapshot/these
                Source: CrashRpt.dll.0.dr, ManyCam.exe.0.dr, cximagecrt.dll.0.drString found in binary or memory: http://www.manycam.com0
                Source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drString found in binary or memory: http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchor
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.vmware.com/0/
                Source: VqBVE8dJEA.exeString found in binary or memory: http://xml.org/sax/features/namespacesschema-validationlcidlcodelenamellnameproductts
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.freshaddress.biz/js/lib/freshaddress-client-7.0.min.js?token=6075cbbd36a1f0f92cddb595415
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/luminateExtend/1.8.3/luminateExtend.min.js
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://fca7603378a4e3ebeab2-4e03b1ac88f27f7b20b4cf232f717383.ssl.cf1.rackcdn.com/photos/social/land
                Source: VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000AAB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwf.org/
                Source: VqBVE8dJEA.exeString found in binary or memory: https://wwf.orgmsg.activateKeysRes.allKeysActivatedmsg.activateKeysRes.keyActivatedmsg.activateKeysR
                Source: ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmp, VqBVE8dJEA.exeString found in binary or memory: https://www.digicert.com/CPS0
                Source: VqBVE8dJEA.exeString found in binary or memory: https://www.globalsign.com/repository/0
                Source: VqBVE8dJEA.exeString found in binary or memory: https://www.tracker-software.com/store/activate-serial-key0123456789ABCDEFuuuuuuuubtnufruuuuuuuuuuuu
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000AC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/about/
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/about/history
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/experts
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/leaders
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/magazine
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/pages/our-values
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/pages/privacy-policy
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/pages/site-terms
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/pages/state-disclosures
                Source: VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldwildlife.org/stories
                Source: unknownDNS traffic detected: queries for: wwf.org
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveHost: wwf.org
                Source: global trafficHTTP traffic detected: GET /?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm_content=wwf.org HTTP/1.1Connection: Keep-AliveHost: www.worldwildlife.org
                Source: global trafficHTTP traffic detected: GET /unqTcwu.png HTTP/1.1Connection: Keep-AliveHost: i.imgur.com
                Source: unknownHTTPS traffic detected: 104.18.6.142:443 -> 192.168.2.4:49710 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 104.18.6.94:443 -> 192.168.2.4:49711 version: TLS 1.2
                Source: unknownHTTPS traffic detected: 146.75.28.193:443 -> 192.168.2.4:49712 version: TLS 1.2
                Source: ManyCam.exe, 00000001.00000002.195161196.0000000000C5B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>memstr_9286b874-f

                E-Banking Fraud

                barindex
                Yara detected Remcos RAT
                Source: Yara matchFile source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.341504013.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 6852, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 7124, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 6540, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 2996, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPED

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
                Source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
                Source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
                Source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Author: unknown
                Source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPEMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
                Source: 0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: 0000000D.00000002.341504013.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: Process Memory Space: cmd.exe PID: 6852, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: Process Memory Space: explorer.exe PID: 7124, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: Process Memory Space: cmd.exe PID: 6540, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: Process Memory Space: explorer.exe PID: 2996, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPEDMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPEDMatched rule: REMCOS_RAT_variants Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPEDMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPEDMatched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPEDMatched rule: REMCOS_RAT_variants Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPEDMatched rule: detects Windows exceutables potentially bypassing UAC using eventvwr.exe Author: ditekSHen
                Source: VqBVE8dJEA.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
                Source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
                Source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
                Source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
                Source: 0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: 0000000D.00000002.341504013.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: Process Memory Space: cmd.exe PID: 6852, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: Process Memory Space: explorer.exe PID: 7124, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: Process Memory Space: cmd.exe PID: 6540, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: Process Memory Space: explorer.exe PID: 2996, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPEDMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPEDMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPEDMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPEDMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer author = ditekSHen, description = detects Windows exceutables potentially bypassing UAC using eventvwr.exe
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_0050EC901_2_0050EC90
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_0050EC909_2_0050EC90
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B861809_2_00B86180
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B861D99_2_00B861D9
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B762A09_2_00B762A0
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B6A2709_2_00B6A270
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B862499_2_00B86249
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00BC03F09_2_00BC03F0
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00BB64409_2_00BB6440
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B866999_2_00B86699
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B9A6309_2_00B9A630
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B5A6409_2_00B5A640
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B866409_2_00B86640
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B847809_2_00B84780
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B8A7109_2_00B8A710
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00BD27109_2_00BD2710
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00B867099_2_00B86709
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 00416740 appears 320 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 004167C0 appears 54 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 004B77A0 appears 202 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 0041DE10 appears 38 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 0040EF00 appears 32 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 004888D0 appears 36 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 004B76D0 appears 72 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 0041A3B0 appears 84 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 00BDD568 appears 166 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 004065A0 appears 38 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 0047BCF0 appears 282 times
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: String function: 0040EA00 appears 64 times
                Source: CrashRpt.dll.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
                Source: VqBVE8dJEA.exe, 00000000.00000000.183030236.00000000007E0000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameXCVault.exeD vs VqBVE8dJEA.exe
                Source: VqBVE8dJEA.exeBinary or memory string: OriginalFilenameXCVault.exeD vs VqBVE8dJEA.exe
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeSection loaded: cxcore099.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeSection loaded: cv099.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeSection loaded: highgui099.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeSection loaded: cxcore099.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeSection loaded: cv099.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeSection loaded: highgui099.dllJump to behavior
                Source: VqBVE8dJEA.exeStatic PE information: invalid certificate
                Source: VqBVE8dJEA.exeVirustotal: Detection: 9%
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile read: C:\Users\user\Desktop\VqBVE8dJEA.exeJump to behavior
                Source: VqBVE8dJEA.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\VqBVE8dJEA.exe C:\Users\user\Desktop\VqBVE8dJEA.exe
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeProcess created: C:\Users\user\AppData\Roaming\wininet\ManyCam.exe C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To function properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\wininet\ManyCam.exe "C:\Users\user\AppData\Roaming\wininet\ManyCam.exe"
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To function properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeProcess created: C:\Users\user\AppData\Roaming\wininet\ManyCam.exe C:\Users\user\AppData\Roaming\wininet\ManyCam.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To function properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\wininet\ManyCam.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To function properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\wininet\ManyCam.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exeJump to behavior
                Source: pngvfwlqwp.3.drLNK file: ..\..\Roaming\wininet\ManyCam.exe
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile created: C:\Users\user\AppData\Roaming\JAMVTYDFCGJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeFile created: C:\Users\user\AppData\Local\Temp\a542cd20Jump to behavior
                Source: classification engineClassification label: mal100.troj.evad.winEXE@18/14@3/3
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_004B2100 CoCreateInstance,1_2_004B2100
                Source: C:\Windows\SysWOW64\cmd.exeFile read: C:\Users\desktop.iniJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_004B7920 GetLastError,FormatMessageW,GlobalFree,1_2_004B7920
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6592:120:WilError_01
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeMutant created: \Sessions\1\BaseNamedObjects\s.dscrt.mks.--.2.0.1A60
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6860:120:WilError_01
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_00488A00 FindResourceW,GetLastError,SizeofResource,GetLastError,GetLastError,1_2_00488A00
                Source: VqBVE8dJEA.exeString found in binary or memory: /AddKeys filename [/S] [/M] [/R]
                Source: VqBVE8dJEA.exeString found in binary or memory: /AddKeyData "<key>" [/M] [/S] [/R]
                Source: VqBVE8dJEA.exeString found in binary or memory: /Install
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: VqBVE8dJEA.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
                Source: VqBVE8dJEA.exeStatic file information: File size 3742080 > 1048576
                Source: VqBVE8dJEA.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x28b600
                Source: VqBVE8dJEA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: VqBVE8dJEA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: VqBVE8dJEA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: VqBVE8dJEA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: VqBVE8dJEA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: VqBVE8dJEA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: VqBVE8dJEA.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                Source: VqBVE8dJEA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: F:\Development\pdfxchange\Editor\_build\Release.Win32\XCVault.pdb,- source: VqBVE8dJEA.exe
                Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb0 source: ManyCam.exe, 00000001.00000002.195885940.0000000010062000.00000002.00000001.01000000.00000006.sdmp, ManyCam.exe, 00000009.00000002.239044441.0000000010062000.00000002.00000001.01000000.00000006.sdmp, cximagecrt.dll.0.dr
                Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb source: ManyCam.exe, 00000001.00000002.195885940.0000000010062000.00000002.00000001.01000000.00000006.sdmp, ManyCam.exe, 00000009.00000002.239044441.0000000010062000.00000002.00000001.01000000.00000006.sdmp, cximagecrt.dll.0.dr
                Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8` source: ManyCam.exe, 00000001.00000002.195282409.0000000001D8D000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000009.00000002.238830119.0000000000D5D000.00000002.00000001.01000000.0000000B.sdmp, highgui099.dll.0.dr
                Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdb source: ManyCam.exe, 00000001.00000002.195228773.0000000001D01000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 00000009.00000002.238753795.0000000000CC1000.00000002.00000001.01000000.00000009.sdmp, cxcore099.dll.0.dr
                Source: Binary string: diaLocatePDB-> Looking for %s... %s%s.pdbFPOPDATAXDATAOMAPFROMOMAPTO$$$IP not set! source: ManyCam.exe, 00000001.00000002.195938679.000000006D511000.00000020.00000001.01000000.00000008.sdmp, ManyCam.exe, 00000009.00000002.239058853.000000006D511000.00000020.00000001.01000000.00000008.sdmp, dbghelp.dll.0.dr
                Source: Binary string: wntdll.pdbUGP source: ManyCam.exe, 00000001.00000002.195731485.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246211120.0000000005680000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246176022.0000000005354000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310173988.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310148781.00000000048CD000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238987805.0000000003ACE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277620151.000000000555E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277649555.0000000005880000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341659795.0000000005690000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341629480.0000000005370000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: ManyCam.exe, 00000001.00000002.195731485.0000000003ECC000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246211120.0000000005680000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246176022.0000000005354000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310173988.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310148781.00000000048CD000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238987805.0000000003ACE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277620151.000000000555E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277649555.0000000005880000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341659795.0000000005690000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341629480.0000000005370000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb source: ManyCam.exe, 00000001.00000002.195282409.0000000001D8D000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000009.00000002.238830119.0000000000D5D000.00000002.00000001.01000000.0000000B.sdmp, highgui099.dll.0.dr
                Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdbu source: ManyCam.exe, 00000001.00000002.195228773.0000000001D01000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 00000009.00000002.238753795.0000000000CC1000.00000002.00000001.01000000.00000009.sdmp, cxcore099.dll.0.dr
                Source: Binary string: c:\Program Files\OpenCV\bin\cv099.pdb source: ManyCam.exe, 00000001.00000002.195139991.0000000000C2F000.00000002.00000001.01000000.0000000A.sdmp, ManyCam.exe, 00000009.00000002.238720189.0000000000BDF000.00000002.00000001.01000000.0000000A.sdmp, cv099.dll.0.dr
                Source: Binary string: d:\branch_2.5\Bin\CrashRpt.pdb source: ManyCam.exe, 00000001.00000002.195431442.0000000002012000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 00000009.00000002.238956185.0000000002012000.00000002.00000001.01000000.00000007.sdmp, CrashRpt.dll.0.dr
                Source: Binary string: d:\branch_2.5\bin\ManyCam.pdb source: ManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.dr
                Source: Binary string: F:\Development\pdfxchange\Editor\_build\Release.Win32\XCVault.pdb source: VqBVE8dJEA.exe
                Source: Binary string: dbghelp.pdb source: ManyCam.exe, 00000001.00000002.195938679.000000006D511000.00000020.00000001.01000000.00000008.sdmp, ManyCam.exe, 00000009.00000002.239058853.000000006D511000.00000020.00000001.01000000.00000008.sdmp, dbghelp.dll.0.dr
                Source: VqBVE8dJEA.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: VqBVE8dJEA.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: VqBVE8dJEA.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: VqBVE8dJEA.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: VqBVE8dJEA.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_005242D1 push ecx; ret 1_2_005242E4
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_005242D1 push ecx; ret 9_2_005242E4
                Source: xdu.3.drStatic PE information: section name: cahgwl
                Source: hqwohppjiane.11.drStatic PE information: section name: cahgwl
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_0052309D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,1_2_0052309D
                Source: xdu.3.drStatic PE information: real checksum: 0x0 should be: 0x84fe0
                Source: VqBVE8dJEA.exeStatic PE information: real checksum: 0x39f8c7 should be: 0x396feb
                Source: hqwohppjiane.11.drStatic PE information: real checksum: 0x0 should be: 0x84fe0
                Source: cximagecrt.dll.0.drStatic PE information: real checksum: 0x82161 should be: 0x7d1d7
                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\xduJump to dropped file
                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\hqwohppjianeJump to dropped file
                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\hqwohppjianeJump to dropped file
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile created: C:\Users\user\AppData\Roaming\wininet\highgui099.dllJump to dropped file
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile created: C:\Users\user\AppData\Roaming\wininet\cxcore099.dllJump to dropped file
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile created: C:\Users\user\AppData\Roaming\wininet\CrashRpt.dllJump to dropped file
                Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\xduJump to dropped file
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile created: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeJump to dropped file
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile created: C:\Users\user\AppData\Roaming\wininet\cximagecrt.dllJump to dropped file
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile created: C:\Users\user\AppData\Roaming\wininet\cv099.dllJump to dropped file
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeFile created: C:\Users\user\AppData\Roaming\wininet\dbghelp.dllJump to dropped file

                Hooking and other Techniques for Hiding and Protection

                barindex
                Found hidden mapped module (file has been removed from disk)
                Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\XDU
                Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\HQWOHPPJIANE
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Contain functionality to detect virtual machines
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init CvBoxFilter::init 9_2_00B9A3E0
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exe TID: 6808Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeMemory allocated: 3DA0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeMemory allocated: 38F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,1_2_004164A0
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,9_2_004164A0
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                Source: explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
                Source: explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
                Source: explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
                Source: VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000AC5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
                Source: explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
                Source: explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,1_2_00523722
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_0052309D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,1_2_0052309D
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_00523077 GetProcessHeap,HeapFree,1_2_00523077
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,1_2_00523722
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 9_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,9_2_00523722

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Maps a DLL or memory area into another process
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeSection loaded: C:\Windows\SysWOW64\mshtml.dll target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: C:\Users\user\AppData\Local\Temp\xdu target: C:\Windows\SysWOW64\explorer.exe protection: read writeJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeSection loaded: C:\Windows\SysWOW64\mshtml.dll target: C:\Windows\SysWOW64\cmd.exe protection: read writeJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeSection loaded: C:\Users\user\AppData\Local\Temp\hqwohppjiane target: C:\Windows\SysWOW64\explorer.exe protection: read writeJump to behavior
                Writes to foreign memory regions
                Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 10BF380Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 400000Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 10BF380Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeMemory written: C:\Windows\SysWOW64\explorer.exe base: 400000Jump to behavior
                Injects code into the Windows Explorer (explorer.exe)
                Source: C:\Windows\SysWOW64\cmd.exeMemory written: PID: 7124 base: 10BF380 value: 55Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeMemory written: PID: 7124 base: 400000 value: 00Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeMemory written: PID: 2996 base: 10BF380 value: 55Jump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeMemory written: PID: 2996 base: 400000 value: 00Jump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to function properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\wininet\manycam.exe
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to function properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\wininet\manycam.exe
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to function properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\wininet\manycam.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to function properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\wininet\manycam.exeJump to behavior
                Source: C:\Users\user\Desktop\VqBVE8dJEA.exeProcess created: C:\Users\user\AppData\Roaming\wininet\ManyCam.exe C:\Users\user\AppData\Roaming\wininet\ManyCam.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exeJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exeJump to behavior
                Source: C:\Windows\SysWOW64\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_00524748 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,1_2_00524748
                Source: C:\Users\user\AppData\Roaming\wininet\ManyCam.exeCode function: 1_2_004170D0 memset,GetVersionExW,1_2_004170D0

                Stealing of Sensitive Information

                barindex
                Yara detected Remcos RAT
                Source: Yara matchFile source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.341504013.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 6852, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 7124, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 6540, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 2996, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPED

                Remote Access Functionality

                barindex
                Yara detected Remcos RAT
                Source: Yara matchFile source: 3.2.cmd.exe.36f00c8.6.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 11.2.cmd.exe.5d200c8.7.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 3.2.cmd.exe.36f00c8.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 11.2.cmd.exe.5d200c8.7.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000D.00000002.341504013.0000000000454000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 6852, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 7124, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: cmd.exe PID: 6540, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: explorer.exe PID: 2996, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\xdu, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, type: DROPPED

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid Accounts12
                Command and Scripting Interpreter                		11
                DLL Side-Loading                		311
                Process Injection                		11
                Masquerading                		1
                Input Capture                		1
                System Time Discovery                		Remote Services1
                Email Collection                		Exfiltration Over Other Network Medium11
                Encrypted Channel                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default Accounts1
                Native API                		Boot or Logon Initialization Scripts11
                DLL Side-Loading                		12
                Virtualization/Sandbox Evasion                		LSASS Memory221
                Security Software Discovery                		Remote Desktop Protocol1
                Input Capture                		Exfiltration Over Bluetooth1
                Ingress Tool Transfer                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)311
                Process Injection                		Security Account Manager12
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares11
                Archive Collected Data                		Automated Exfiltration2
                Non-Application Layer Protocol                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                Deobfuscate/Decode Files or Information                		NTDS1
                Process Discovery                		Distributed Component Object ModelInput CaptureScheduled Transfer13
                Application Layer Protocol                		SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
                Obfuscated Files or Information                		LSA Secrets1
                Remote System Discovery                		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.common11
                DLL Side-Loading                		Cached Domain Credentials3
                File and Directory Discovery                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync13
                System Information Discovery                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1308691 Sample: VqBVE8dJEA.exe Startdate: 15/09/2023 Architecture: WINDOWS Score: 100 55 Multi AV Scanner detection for domain / URL 2->55 57 Found malware configuration 2->57 59 Malicious sample detected (through community Yara rule) 2->59 61 7 other signatures 2->61 8 VqBVE8dJEA.exe 12 2->8         started        12 ManyCam.exe 1 2->12         started        process3 dnsIp4 49 ipv4.imgur.map.fastly.net 146.75.28.193, 443, 49712 SCCGOVUS Sweden 8->49 51 wwf.org 104.18.6.142, 443, 49710 CLOUDFLARENETUS United States 8->51 53 2 other IPs or domains 8->53 41 C:\Users\user\AppData\...\highgui099.dll, PE32 8->41 dropped 43 C:\Users\user\AppData\...\cximagecrt.dll, PE32 8->43 dropped 45 C:\Users\user\AppData\...\cxcore099.dll, PE32 8->45 dropped 47 4 other files (3 malicious) 8->47 dropped 15 ManyCam.exe 1 8->15         started        71 Maps a DLL or memory area into another process 12->71 18 cmd.exe 2 12->18         started        21 pcaui.exe 12->21         started        file5 signatures6 process7 file8 73 Contain functionality to detect virtual machines 15->73 75 Maps a DLL or memory area into another process 15->75 23 cmd.exe 4 15->23         started        27 pcaui.exe 15->27         started        37 C:\Users\user\AppData\Local\...\hqwohppjiane, PE32 18->37 dropped 77 Injects code into the Windows Explorer (explorer.exe) 18->77 79 Writes to foreign memory regions 18->79 29 conhost.exe 18->29         started        31 explorer.exe 18->31         started        signatures9 process10 file11 39 C:\Users\user\AppData\Local\Temp\xdu, PE32 23->39 dropped 63 Injects code into the Windows Explorer (explorer.exe) 23->63 65 Writes to foreign memory regions 23->65 67 Found hidden mapped module (file has been removed from disk) 23->67 69 Maps a DLL or memory area into another process 23->69 33 conhost.exe 23->33         started        35 explorer.exe 23->35         started        signatures12 process13

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                VqBVE8dJEA.exe4%ReversingLabs
                VqBVE8dJEA.exe10%VirustotalBrowse

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Local\Temp\xdu100%AviraBDS/Backdoor.Gen
                C:\Users\user\AppData\Local\Temp\hqwohppjiane100%AviraBDS/Backdoor.Gen
                C:\Users\user\AppData\Local\Temp\xdu100%Joe Sandbox ML
                C:\Users\user\AppData\Local\Temp\hqwohppjiane100%Joe Sandbox ML
                C:\Users\user\AppData\Local\Temp\hqwohppjiane96%ReversingLabsWin32.Trojan.Remcos
                C:\Users\user\AppData\Local\Temp\hqwohppjiane77%VirustotalBrowse
                C:\Users\user\AppData\Local\Temp\xdu96%ReversingLabsWin32.Trojan.Remcos
                C:\Users\user\AppData\Local\Temp\xdu77%VirustotalBrowse
                C:\Users\user\AppData\Roaming\wininet\CrashRpt.dll0%ReversingLabs
                C:\Users\user\AppData\Roaming\wininet\CrashRpt.dll0%VirustotalBrowse
                C:\Users\user\AppData\Roaming\wininet\ManyCam.exe0%ReversingLabs
                C:\Users\user\AppData\Roaming\wininet\ManyCam.exe0%VirustotalBrowse
                C:\Users\user\AppData\Roaming\wininet\cv099.dll0%ReversingLabs
                C:\Users\user\AppData\Roaming\wininet\cv099.dll0%VirustotalBrowse
                C:\Users\user\AppData\Roaming\wininet\cxcore099.dll0%ReversingLabs
                C:\Users\user\AppData\Roaming\wininet\cxcore099.dll0%VirustotalBrowse
                C:\Users\user\AppData\Roaming\wininet\cximagecrt.dll0%ReversingLabs
                C:\Users\user\AppData\Roaming\wininet\cximagecrt.dll0%VirustotalBrowse
                C:\Users\user\AppData\Roaming\wininet\dbghelp.dll0%ReversingLabs
                C:\Users\user\AppData\Roaming\wininet\dbghelp.dll0%VirustotalBrowse
                C:\Users\user\AppData\Roaming\wininet\highgui099.dll0%ReversingLabs
                C:\Users\user\AppData\Roaming\wininet\highgui099.dll0%VirustotalBrowse

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                wwf.org0%VirustotalBrowse
                ipv4.imgur.map.fastly.net0%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                https://wwf.org/0%Avira URL Cloudsafe
                http://www.manycam.com00%Avira URL Cloudsafe
                https://api.freshaddress.biz/js/lib/freshaddress-client-7.0.min.js?token=6075cbbd36a1f0f92cddb5954150%Avira URL Cloudsafe
                http://download.manycam.comVerdanaThis0%Avira URL Cloudsafe
                http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchor0%Avira URL Cloudsafe
                http://download.manycam.comNew0%Avira URL Cloudsafe
                https://wwf.org/0%VirustotalBrowse
                servicios.disenospublici.info100%Avira URL Cloudmalware
                https://wwf.orgmsg.activateKeysRes.allKeysActivatedmsg.activateKeysRes.keyActivatedmsg.activateKeysR0%Avira URL Cloudsafe
                servicios.disenospublici.info13%VirustotalBrowse

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                www.worldwildlife.org
                		104.18.6.94
                		truefalse
                  		high
                  wwf.org
                  		104.18.6.142
                  		truefalseunknown
                  ipv4.imgur.map.fastly.net
                  		146.75.28.193
                  		truefalseunknown
                  i.imgur.com
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://i.imgur.com/unqTcwu.pngfalse
                      		high
                      https://www.worldwildlife.org/?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm_content=wwf.orgfalse
                        		high
                        https://wwf.org/false
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: safe
                        		unknown
                        servicios.disenospublici.infotrue
                        • 13%, Virustotal, Browse
                        • Avira URL Cloud: malware
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://download.manycam.com/effects/%s/%s?v=%sManyCam.exefalse
                          		high
                          http://www.manycam.com/codecManyCam.exe, ManyCam.exe, 00000009.00000000.237650488.00000000005A4000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                            		high
                            http://xml.org/sax/features/namespacesschema-validationlcidlcodelenamellnameproducttsVqBVE8dJEA.exefalse
                              		high
                              http://www.vmware.com/0ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.manycam.com/codecVerdanaThisManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                  		high
                                  http://manycam.com/help/effectsManyCam.exe, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                    		high
                                    https://www.worldwildlife.org/pages/state-disclosuresVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://www.tracker-software.com/store/activate-serial-key0123456789ABCDEFuuuuuuuubtnufruuuuuuuuuuuuVqBVE8dJEA.exefalse
                                        		high
                                        http://www.vmware.com/0/ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.worldwildlife.org/VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000AC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            http://download.manycam.com/effects/%s/%s?v=%sBackgroundsDynamicDynamicManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                              		high
                                              https://www.worldwildlife.org/storiesVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://www.worldwildlife.org/about/VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://www.symauth.com/cps0(ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://www.manycam.comManyCam.exe, ManyCam.exe, 00000009.00000000.237650488.00000000005A4000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                                      		high
                                                      http://manycam.com/upload_effect?filepath=ManyCam.exefalse
                                                        		high
                                                        https://www.worldwildlife.org/pages/privacy-policyVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://www.manycam.com/codecVerdanaToManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                                            		high
                                                            https://fca7603378a4e3ebeab2-4e03b1ac88f27f7b20b4cf232f717383.ssl.cf1.rackcdn.com/photos/social/landVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.worldwildlife.org/about/historyVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://www.manycam.com/help/effects/snapshot/theseManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                                                  		high
                                                                  http://www.symauth.com/rpa00ManyCam.exe, 00000001.00000002.195510592.0000000003819000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.000000000364A000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.00000000047C8000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001F0E000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.000000000383F000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.00000000038BE000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://manycam.com/upload_effect?filepath=ManyCamManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                                                      		high
                                                                      https://www.worldwildlife.org/leadersVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://api.freshaddress.biz/js/lib/freshaddress-client-7.0.min.js?token=6075cbbd36a1f0f92cddb595415VqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://www.manycam.com0CrashRpt.dll.0.dr, ManyCam.exe.0.dr, cximagecrt.dll.0.drfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://download.manycam.comVerdanaThisManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        http://www.info-zip.org/ManyCam.exe, 00000001.00000002.195510592.00000000037C6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000003.00000002.246131149.0000000003603000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000006.00000002.310127867.0000000004781000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000009.00000002.238925356.0000000001EBB000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000B.00000002.277580263.00000000037F8000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000D.00000002.341563260.0000000003877000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://cdnjs.cloudflare.com/ajax/libs/luminateExtend/1.8.3/luminateExtend.min.jsVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://download.manycam.comManyCam.exe, 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237650488.00000000005A4000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                                                              		high
                                                                              http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchorManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://download.manycam.com/effects/%s/%s?v=%sManyCamManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                                                                		high
                                                                                http://download.manycam.comNewManyCam.exe, 00000001.00000000.193835713.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000000.237638959.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe.0.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.worldwildlife.org/pages/our-valuesVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://www.worldwildlife.org/magazineVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://www.worldwildlife.org/pages/site-termsVqBVE8dJEA.exe, 00000000.00000003.187240135.0000000002DBB000.00000004.00000020.00020000.00000000.sdmp, VqBVE8dJEA.exe, 00000000.00000003.187244034.0000000000A91000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://manycam.com/feedback/?version=%sManyCam.exefalse
                                                                                        		high
                                                                                        https://wwf.orgmsg.activateKeysRes.allKeysActivatedmsg.activateKeysRes.keyActivatedmsg.activateKeysRVqBVE8dJEA.exefalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown

                                                                                        World Map of Contacted IPs

                                                                                        • No. of IPs < 25%
                                                                                        • 25% < No. of IPs < 50%
                                                                                        • 50% < No. of IPs < 75%
                                                                                        • 75% < No. of IPs

                                                                                        Public IPs

                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                        104.18.6.142
                                                                                        		wwf.orgUnited States
                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                        104.18.6.94
                                                                                        		www.worldwildlife.orgUnited States
                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                        146.75.28.193
                                                                                        		ipv4.imgur.map.fastly.netSweden
                                                                                        		30051SCCGOVUSfalse

                                                                                        General Information

                                                                                        Joe Sandbox Version:38.0.0 Beryl
                                                                                        Analysis ID:1308691
                                                                                        Start date and time:2023-09-15 05:49:08 +02:00
                                                                                        Joe Sandbox Product:CloudBasic
                                                                                        Overall analysis duration:0h 7m 50s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:default.jbs
                                                                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                        Number of analysed new started processes analysed:38
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • HDC enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample file name:VqBVE8dJEA.exe
                                                                                        Original Sample Name:297dc90d62648d3f034db5ebb2e583f7.exe
                                                                                        Detection:MAL
                                                                                        Classification:mal100.troj.evad.winEXE@18/14@3/3
                                                                                        EGA Information:Failed
                                                                                        HDC Information:Failed
                                                                                        HCA Information:Failed
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .exe

                                                                                        Warnings

                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                        • Excluded domains from analysis (whitelisted): kv601.prod.do.dsp.mp.microsoft.com, geover.prod.do.dsp.mp.microsoft.com, client.wns.windows.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, tse1.mm.bing.net, displaycatalog.mp.microsoft.com, arc.msn.com
                                                                                        • Execution Graph export aborted for target ManyCam.exe, PID 6404 because there are no executed function
                                                                                        • Execution Graph export aborted for target ManyCam.exe, PID 6816 because there are no executed function
                                                                                        • Execution Graph export aborted for target VqBVE8dJEA.exe, PID 6752 because there are no executed function
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                        Simulations

                                                                                        Behavior and APIs

                                                                                        TimeTypeDescription
                                                                                        05:49:51API Interceptor3x Sleep call for process: VqBVE8dJEA.exe modified
                                                                                        05:49:54API Interceptor2x Sleep call for process: ManyCam.exe modified
                                                                                        05:50:06AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KBDTIPRD.lnk
                                                                                        05:50:18API Interceptor4x Sleep call for process: cmd.exe modified

                                                                                        Created / dropped Files

                                                                                        C:\Users\user\AppData\Local\Temp\a542cd20

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):918960
                                                                                        Entropy (8bit):7.749870075267247
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:A7+SSdIRlXbb/u9uPqATrN9ZHwfLdaJEvzprTLPPAOKNX+nTg4lH1gtAFl7sM54m:E+Jdql2AJA8FrVm
                                                                                        MD5:BA524E35A867D7FD5C8D0DA2B4B92384
                                                                                        SHA1:87C08CB8C79F39FB2CC4A0BEBA8FBCB588F924AB
                                                                                        SHA-256:1BDADD0142A434611CCED8A0C10209136D0C480A315C534BE4EA707FDF9213DF
                                                                                        SHA-512:A22A1F30FE8352FF7CA0B4E5C1494292D2C40A5C4C413D9AA5E713AE7846CC67BFBC79A40BBA9A7B5FE0074F77AC26DF208684913E0FDA199FB434C2A2B677CE
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Preview:T1t.V1t.W1t.W1t.V1t..1t.C1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.rp$..p .rm9.4C..8W...X..8F...E..#.9.9D(.%^..6\...E..#D..W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t..^=.>E..;X...It.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t..^7.2P..._..6_..W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.rf=..x&..|..%^..1EZ..e(.%P.. ^..W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.!.Z.y.D.e.t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.

                                                                                        C:\Users\user\AppData\Local\Temp\a7de6fda

                                                                                        Download File
                                                                                        Process:C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):918960
                                                                                        Entropy (8bit):7.749873646071228
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:S7+SSdIRlXbb/u9uPqATrN9ZHwfLdaJEvzprTLPPAOKNX+nTg4lH1gtAFl7sM54m:q+Jdql2AJA8FrVm
                                                                                        MD5:1106FE0C06D8C3C9664E56C1C180313A
                                                                                        SHA1:E0E786CDEBE5EFE119B614275101D46C3467C957
                                                                                        SHA-256:F282A16928501C840F2A42D74D8CCFD23FF6115660BF336DC05EFD19D506EE24
                                                                                        SHA-512:C9033B37798D5C9176BF4CD41DF10D7894DA39977911100D37BE91A4C512D72DC90EF6822B6BC8648DD411F8E2DD3223003ADD7BB1D8D7EA69343B1BCFDA5C86
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Preview:T1t.V1t.W1t.W1t.V1t..1t.C1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.rp$..p .rm9.4C..8W...X..8F...E..#.9.9D(.%^..6\...E..#D..W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t..^=.>E..;X...It.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t..^7.2P..._..6_..W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.rf=..x&..|..%^..1EZ..e(.%P.. ^..W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.!.Z.y.D.e.t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.W1t.

                                                                                        C:\Users\user\AppData\Local\Temp\hqwohppjiane

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):481280
                                                                                        Entropy (8bit):6.566944902002387
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:esrjeS3UVprYfELtx6uz6s3Q4KsfZ2QtS6dJ:DHeaUVxYVuzB3hZp0aJ
                                                                                        MD5:AAB4202DF015B85A2BF13442C4A58165
                                                                                        SHA1:852AA74DB45142A59498D5E9AD29D2A1B10D6F66
                                                                                        SHA-256:A12DCA9E3EACD0A5997ADB1EF446E3AECB5A8778BCB554D505B3EEDC32C2798B
                                                                                        SHA-512:5BF5A00692042B52E76A39FCDFA00209885699041CCF25873E4270784161C303F49711B2C30EAA9F8CECDCF0B36E07310C63447B3D4884A8F0BA39F72910E30E
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, Author: unknown
                                                                                        • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, Author: unknown
                                                                                        • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer, Description: detects Windows exceutables potentially bypassing UAC using eventvwr.exe, Source: C:\Users\user\AppData\Local\Temp\hqwohppjiane, Author: ditekSHen
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 96%
                                                                                        • Antivirus: Virustotal, Detection: 77%, Browse
                                                                                        Reputation:low
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........2w..\$..\$..\$-..$..\$-..$?.\$-..$..\$...$..\$.1.$..\$.._%..\$..Y%..\$..X%..\$...$..\$..]$..\$..U%.\$..$..\$..^%..\$Rich..\$................PE..L...Z7.V.................0..........=........@....@.........................................................................8........ ...K...................p...8...{..8....................|......(|..@............@...............................text............0.................. ..`.rdata...p...@...r...4..............@..@.data....?..........................@....tls................................@....gfids..0...........................@..@.rsrc....K... ...L..................@..@.reloc...8...p...:..................@..Bcahgwl... ...........@..............@...................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Local\Temp\pngvfwlqwp

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Sep 15 02:49:54 2023, mtime=Fri Sep 15 02:49:54 2023, atime=Fri Sep 15 02:49:54 2023, length=1756232, window=hide
                                                                                        Category:dropped
                                                                                        Size (bytes):872
                                                                                        Entropy (8bit):5.051955778061882
                                                                                        Encrypted:false
                                                                                        SSDEEP:12:8vAeJc443Y4CLrY//g9eJLe/Fvr6L9GEjArZrHDl7JsCjnR5jB5j7Bm:843JZo9eFetWUQAdNyOzBm
                                                                                        MD5:0A57B8E09C1299BCDD325B3C59B7C3BD
                                                                                        SHA1:FF65636F72281CE7E9FA15006AE8BA5D1D9C0F3B
                                                                                        SHA-256:3FBA4AC4E81A51D14129DE5D5DDEB510A94FF3A34E11B85B9A608C99B6F8422E
                                                                                        SHA-512:75B7407DD091C283ADC73DD3246E7CD9C69CD4218911566F7F76BA4D500C2E1E52415AB31395F9348EA94EA03F33D0B099BCA3124C575725F340D5762E8F0A56
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Preview:L..................F.... ....[...............[......H.........................:..DG..Yr?.D..U..k0.&...&...........-..d.}.2...............t...CFSF..1......N....AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......N../W8......Y....................yN|.A.p.p.D.a.t.a...B.V.1...../W<...Roaming.@.......N../W<......Y....................+(..R.o.a.m.i.n.g.....V.1...../W<...wininet.@....../W<./W<......A........................w.i.n.i.n.e.t.....b.2.H.../W<. .ManyCam.exe.H....../W<./W<.....<W....................D...M.a.n.y.C.a.m...e.x.e.......a...............-.......`...........~s......C:\Users\user\AppData\Roaming\wininet\ManyCam.exe..!.....\.....\.R.o.a.m.i.n.g.\.w.i.n.i.n.e.t.\.M.a.n.y.C.a.m...e.x.e.`.......X.......610930...........!a..%.H.VZAj.......%8...........!a..%.H.VZAj.......%8..........E.......9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............

                                                                                        C:\Users\user\AppData\Local\Temp\xdu

                                                                                        Download File
                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):481280
                                                                                        Entropy (8bit):6.566944902002387
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:esrjeS3UVprYfELtx6uz6s3Q4KsfZ2QtS6dJ:DHeaUVxYVuzB3hZp0aJ
                                                                                        MD5:AAB4202DF015B85A2BF13442C4A58165
                                                                                        SHA1:852AA74DB45142A59498D5E9AD29D2A1B10D6F66
                                                                                        SHA-256:A12DCA9E3EACD0A5997ADB1EF446E3AECB5A8778BCB554D505B3EEDC32C2798B
                                                                                        SHA-512:5BF5A00692042B52E76A39FCDFA00209885699041CCF25873E4270784161C303F49711B2C30EAA9F8CECDCF0B36E07310C63447B3D4884A8F0BA39F72910E30E
                                                                                        Malicious:true
                                                                                        Yara Hits:
                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Local\Temp\xdu, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\xdu, Author: unknown
                                                                                        • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\xdu, Author: unknown
                                                                                        • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer, Description: detects Windows exceutables potentially bypassing UAC using eventvwr.exe, Source: C:\Users\user\AppData\Local\Temp\xdu, Author: ditekSHen
                                                                                        Antivirus:
                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                        • Antivirus: ReversingLabs, Detection: 96%
                                                                                        • Antivirus: Virustotal, Detection: 77%, Browse
                                                                                        Reputation:low
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........2w..\$..\$..\$-..$..\$-..$?.\$-..$..\$...$..\$.1.$..\$.._%..\$..Y%..\$..X%..\$...$..\$..]$..\$..U%.\$..$..\$..^%..\$Rich..\$................PE..L...Z7.V.................0..........=........@....@.........................................................................8........ ...K...................p...8...{..8....................|......(|..@............@...............................text............0.................. ..`.rdata...p...@...r...4..............@..@.data....?..........................@....tls................................@....gfids..0...........................@..@.rsrc....K... ...L..................@..@.reloc...8...p...:..................@..Bcahgwl... ...........@..............@...................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\JAMVTYDFCG\RRIKHRSTZJZVEJ

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        File Type:data
                                                                                        Category:dropped
                                                                                        Size (bytes):3973418
                                                                                        Entropy (8bit):7.860753369775905
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:rVs7vb+acYtKelGYZ/RZSIcJC9aGaBjdB2f3mDZ5BD//Fxj6XwGweKfk1QG5Zf:WG2l3ZbSIcJC9aGEb9fHp5e91QGL
                                                                                        MD5:4C6FFA1944028868A244E17FC4CD8DDD
                                                                                        SHA1:E3AD3C8A5BFFC3786CF03581AE4B2C09680E8245
                                                                                        SHA-256:FC12EEF9A5436AAFD6B32F12D6CFC3AFEA123260BB979D8126A962F4E74FBCD7
                                                                                        SHA-512:2629ADFE9DA6DEF2333979D72CCB5976B1DD759BBD7B7E75DB65041907615C7B9EDF8766DF6E7C3AD1635AB6DAC9FDD6161C7331BFF6E141B63DF861AEEC5C95
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Preview:.6A..l...f..].K..f.^.f...d....0TTf.../K.@..........Be.t..j.9t........F.f.4O.^~.g......1....-...." ...7"..I....,k.yU.....R.i.C..Y-.......6...t..U...I..|:.h....e... ..^..RE........ .6......s.ty...._..)..u.-..:...s...A.....[..7...f..4..=...|:.K.YD.Se....!...h7T.~........^..#b,.7.?...SC.It.q... ..IeRJ...*9..|:.h....w9.q&7.....x.L......E.V..y.T..~..;3...|...E.........F...W. f...=.&x.>..K.1t....-..../{G....u.N..UC.p..7y.o\...._...2..4Q.......{..9.j:.5....6. ...2gmK...{..;..P/R....Y...>;.A.[AZ..1.x....iX.,~+..g..z.e..lJV..k.)H..A..Y....Hx`.m.l*..+...."../......td.7.....4...};..y.q.....v......N.]8.|.YHH..lH.bZ..pE.I.+.O./.b&.0...;. x.5D.....X~;..H..C%l.0....4.....nW.._....k.k]....R.<...KK.....0.b..t..4.:1.W...G..L......$......x.a...:Wa.fG.....8..L?V.g..8W...{........K.......r..ETvT...<Q."..k..%`V.......K=."3.)B...VI...@.@....(R..6...&.....3?.....\<.g..`i....|E^G"-P..x.y........GN.3.....p..r....J.S=.s....R.D..\....T....<b.m....:@X..z....

                                                                                        C:\Users\user\AppData\Roaming\wininet\CrashRpt.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):123976
                                                                                        Entropy (8bit):6.382577198291231
                                                                                        Encrypted:false
                                                                                        SSDEEP:3072:fzjKVg7GOfS5SqPcCXA4SQlah+8Z4OAAHWTtopW+Z:fzjKVg7GOESqPcCXxT8hhZ4OAAHW2Wa
                                                                                        MD5:B2D1F5E4A1F0E8D85F0A8AEB7B8148C7
                                                                                        SHA1:871078213FCC0CE143F518BD69CAA3156B385415
                                                                                        SHA-256:C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
                                                                                        SHA-512:1F6D97E02CD684CF4F4554B0E819196BD2811E19B964A680332268BCBB6DEE0E17B2B35B6E66F0FE5622DFFB0A734F39F8E49637A38E4FE7F10D3B5182B30260
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                        Reputation:low
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................W.....U.....U.............U.......U.......U.....U.....U....Rich....................PE..L.....M...........!................'........ ......................................Gb..............................P........t..........d%..............H...........`$..............................0W..@............ ...............................text...8........................... ..`.rdata../l... ...n..................@..@.data...t...........................@....rsrc...d%.......&..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\wininet\ManyCam.exe

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):1756232
                                                                                        Entropy (8bit):6.047140524753333
                                                                                        Encrypted:false
                                                                                        SSDEEP:49152:wlkcF8MnJ6tdGeHzpNTxlSvQynZAWBM2FU+SrzcBsWLZF5:wlf8MnJ6tdGeHzpNTxlSvfnOWC6U5Ed5
                                                                                        MD5:BA699791249C311883BAA8CE3432703B
                                                                                        SHA1:F8734601F9397CB5EBB8872AF03F5B0639C2EAC6
                                                                                        SHA-256:7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
                                                                                        SHA-512:6A0386424C61FBF525625EBE53BB2193ACCD51C2BE9A2527FD567D0A6E112B0D1A047D8F7266D706B726E9C41EA77496E1EDE186A5E59F5311EEEA829A302325
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                        Reputation:low
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3...R..R..R..f]..R..2...R....R....R....R....R..R..Q.....R....R....R..Rich.R..........................PE..L...e..M............................|B............@.................................f.........P......................................@..................H............................................d..@............................................text...b........................... ..`.rdata..B...........................@..@.data........P.......P..............@....rsrc........@......................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\wininet\cv099.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):679936
                                                                                        Entropy (8bit):6.674616014554414
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:dHxL34kbwAQR5+ERTJGZfnpyvhZFjtJbPbwQjtX5ooVyPMDFdqvGHjucsEUNwm/7:dzbwAQR57RJGoxjP7/2+HINwwb
                                                                                        MD5:2A8B33FEE2F84490D52A3A7C75254971
                                                                                        SHA1:16CE2B1632A17949B92CE32A6211296FEE431DCA
                                                                                        SHA-256:FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2
                                                                                        SHA-512:8DAF104582547D6B3A6D8698836E279D88AD9A870E9FDD66C319ECADA3757A3997F411976461ED30A5D24436BAA7504355B49D4ACEC2F7CDFE10E1E392E0F7FB
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                        Reputation:low
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.IO.q'..q'..q'...Y..q'.:.J..q'.:.Z..q'.:.\..q'..q&..q'.:.I.#q'.:.]..q'.:.[..q'.:._..q'.Rich.q'.........PE..L.....YM...........!.........p..........................................................................................a+......P.......,.......................T9..P...................................@...............,............................text............................... ..`.rdata..............................@..@.data...........0..................@....rsrc...,...........................@..@.reloc...:.......@... ..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\wininet\cxcore099.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):929792
                                                                                        Entropy (8bit):6.883111719944197
                                                                                        Encrypted:false
                                                                                        SSDEEP:24576:dNoLaQGpXDCfZCgs1ruSteHz3+AzEOyIrbnYyw:7msgUeTGIrbM
                                                                                        MD5:286284D4AE1C67D0D5666B1417DCD575
                                                                                        SHA1:8B8A32577051823B003C78C86054874491E9ECFA
                                                                                        SHA-256:37D9A8057D58B043AD037E9905797C215CD0832D48A29731C1687B23447CE298
                                                                                        SHA-512:2EFC47A8E104BAA13E19BEE3B3B3364DA09CEA80601BC87492DE348F1C8D61008002540BA8F0DF99B2D20E333D09EA8E097A87C97E91910D7D592D11A953917A
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                        Reputation:low
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................&......&......&............&......&......&......&.....Rich...........PE..L...w.YM...........!......... .......................................................d..................................b(......d....@..4....................P...e......................................@...............H............................text............................... ..`.rdata..b/.......0..................@..@.data........@...p...@..............@....rsrc...4....@......................@..@.reloc...g...P...p..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\wininet\cximagecrt.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):498760
                                                                                        Entropy (8bit):6.672489397026984
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:8JpqPgrHZx0Cxn0P5ASCH8aH6IAC+tHTCQ8n:8nqPgr5x0Cxn0P5ASCH8aaIACsT78n
                                                                                        MD5:63B77696B70B89EC3DD9F5FC76A9F0B0
                                                                                        SHA1:D7C9ED29DE337FE5FDD4AE7B0B2B2CBE7343EBF7
                                                                                        SHA-256:CBC02A855E37E9F410DC80476AAF2BA694F9AFF833DB777E9B891A87616561D9
                                                                                        SHA-512:46843259D71BEE8AE46FCB3D7951EB0CBC7EBE0E5A92E430357B7C34EC3482EEB06DCBBE9192BCF0B9EEDB71BFF319CBFD76B0E08F21EC9E14CB5C80ACDE4C01
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                        Reputation:low
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B2/..SA[.SA[.SA[..?[.SA[!.<[.SA[!.:[.SA[.S@[.SA[!.,[ISA[!./["SA[!.;[.SA[!.9[.SA[Rich.SA[................PE..L......M...........!.........`......]........ ......................................a!..................................#U..t...x....@..................H....P... ..p"..............................@...@............ ..X............................text............................... ..`.rdata....... ....... ..............@..@.data...<....0.......0..............@....rsrc........@.......@..............@..@.reloc..n!...P...0...P..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\wininet\dbghelp.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):489984
                                                                                        Entropy (8bit):6.620591640062086
                                                                                        Encrypted:false
                                                                                        SSDEEP:6144:p3KP8f7yHkluOutwm5ZNetC5IlhhMUyFWgQK7x5Iz4JxRRAuUzT/9cl84S683WbX:psX5ZNG2y1ycw5IGxRwVc6683WbXn
                                                                                        MD5:E458D88C71990F545EF941CD16080BAD
                                                                                        SHA1:CD24CCEC2493B64904CF3C139CD8D58D28D5993B
                                                                                        SHA-256:5EC121730240548A85B7EF1F7E30D5FDBEE153BB20DD92C2D44BF37395294EC0
                                                                                        SHA-512:B1755E3DB10B1D12D6EAFFD1D91F5CA5E0F9F8AE1350675BC44AE7A4AF4A48090A9828A8ACBBC69C5813EAC23E02576478113821CB2E04B6288E422F923B446F
                                                                                        Malicious:false
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                        Reputation:low
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$..`..`..`.....I.....b..`........k......g.....p.....a......a.....w.....a..Rich`..........PE..L.....m=...........!................5l............Qm................................................................0.......$...x....P.......................`...K..@................................................................................text............................... ..`.data...,@.......*..................@....rsrc........P......................@..@.reloc...e...`...f..................@..B..m=8...(.m=C...(.m=P.......Z...(.m=f...).m=s...........msvcrt.dll.KERNEL32.dll.NTDLL.DLL.VERSION.dll.ADVAPI32.dll.RPCRT4.dll...................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\wininet\highgui099.dll

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                        Category:dropped
                                                                                        Size (bytes):397312
                                                                                        Entropy (8bit):6.672405371278951
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:J+7gXTkVRt1dixRtVq2EjMS2E7ETstO/:JlTeRt1dSzd4MSUTsO/
                                                                                        MD5:A354C42FCB37A50ECAD8DDE250F6119E
                                                                                        SHA1:0EB4AD5E90D28A4A8553D82CEC53072279AF1961
                                                                                        SHA-256:89DB6973F4EC5859792BCD8A50CD10DB6B847613F2CEA5ADEF740EEC141673B2
                                                                                        SHA-512:981C82F6334961C54C80009B14A0C2CD48067BAF6D502560D508BE86F5185374A422609C7FDC9A2CDE9B98A7061EFAB7FD9B1F4F421436A9112833122BC35059
                                                                                        Malicious:true
                                                                                        Antivirus:
                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                        • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                        Reputation:low
                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r|..6...6...6......4......;......5....;..n......#...6..........."......7......7......7...Rich6...........PE..L.....YM...........!.........@......y........................................ .......r.............................. K..F....9..........d........................#..`...................................................D............................text............................... ..`.rdata..f...........................@..@.data...0r...`...p...`..............@....rsrc...d...........................@..@.reloc...$.......0..................@..B........................................................................................................................................................................................................................................................................................................................

                                                                                        C:\Users\user\AppData\Roaming\wininet\selftorture.torrent

                                                                                        Download File
                                                                                        Process:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        File Type:PNG image data, 423 x 597, 8-bit/color RGB, non-interlaced
                                                                                        Category:dropped
                                                                                        Size (bytes):782083
                                                                                        Entropy (8bit):7.943800447588178
                                                                                        Encrypted:false
                                                                                        SSDEEP:12288:V5URtsexnwWhtPi03eGLl1Fi3pZiFBlHfW0TjZo63NBSJ87+1EHENJ4vGCgFqHU4:sRtjxnta0jqZiFBZeQZoEN6G+WkNJ6/p
                                                                                        MD5:C47489322277418647389EDA3E92B3D0
                                                                                        SHA1:39B37BA531A63B389EDC79A9AA9E656CADEF4613
                                                                                        SHA-256:00F59B11DDF0C1057DE4D8E1C3601353FFEC35FA3A5E02E65C293A81D75FDAD3
                                                                                        SHA-512:2A0059CB5C4473F6E4C6BE003FDB874545D3598384F87E8AAA087F39305DD0BCB42D2BCB6935B3BE7716CCAE2EE6576795F4BE39A9F691FBB5AA268AED1F1634
                                                                                        Malicious:false
                                                                                        Reputation:low
                                                                                        Preview:.PNG........IHDR.......U......?.@....pHYs..........+.... .IDATx..w.[.u.q.{....`.p..a.;.nInrb;..8qrs.......%.7.K.k.-.d..6...p..8..A....?.4...%.$MK.}...8.........Z...F@..5j|n.~...Q.F..Jm.Q....W.F.......j|^`.....P.O.H.....z5j..|Q........=...Q._..._ ..s)..^..5>_.V..5j|...z5j..|Q[.j.......Q..Em.Q....W.F....U.F.../j.^..5>_.V..5j|..E..x...~.#.....wQXm.W.H.#....v.@o....4..d........q..pE..I$....Fi$.u2.2.....D.%..I.a"a....o!./.....(.0A%...|8...S4....K...&.._.R^#...x..t.._!...:<....F.%.Th._..o......;4....V...1..'.~O'Um.W...}>..jM..s.....ju..E......OG...NW..VQ...r\.oey.c.h$z...'.D..;..w....`.......R....4...vIer.9.........tZ.R.....\...x...N...Q.F;?.@&;.m.V...]..lt:.....>q..qG..%*..V....;..o._z1.yK.......I..7........._....?ov...;9.W.......CC......<0....|.....O.\X...H$..^.^..XYY9s...C..{...T.f.S..D*..<.....J.b2...Z^Y6...d*.B...y.k_[..'.&..{..]..h.&..g..<4p."..g2..D..<..p.l.:33s..}..\..J.SD"...wmm..a...A...sS(...r.<......}..~^.\....D..]wP.....@..

                                                                                        Static File Info

                                                                                        General

                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Entropy (8bit):6.6566240223028865
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                        File name:VqBVE8dJEA.exe
                                                                                        File size:3'742'080 bytes
                                                                                        MD5:297dc90d62648d3f034db5ebb2e583f7
                                                                                        SHA1:d9a23ea738c61cfd87b04d2ac1bc44eb1d27be2f
                                                                                        SHA256:bdd8f37906415bcb5b8b541376358b07517afea5cefd379b279f75155a4cdb1a
                                                                                        SHA512:18581019dd1555c777f79abb203cfced2a5c3b007e0debdd1949de75120c726ce034f47ba97dc26b52484a4fa3e0d0fe5e273f222a5b25bf0a126e4b26eaa494
                                                                                        SSDEEP:49152:z8yrd6DUAUw45Id0f1uN1SMOiHxcGbNqpxDKbLT6x7HvGRZx:QyYUAUw45INZHxHkdKeG9
                                                                                        TLSH:D2068D12B68548A2D7D501B1CC6AE73A5739BB1C07F249F3B2982DE93D311E33B36646
                                                                                        File Content Preview:MZ......................@...................................0...........!..L.!This program cannot be run in DOS mode....$.......j.O#..!p..!p..!p.."q3.!p..$q..!p|.%q;.!p|."q4.!p|.$qI.!p..!p..!p..%qn.!px.%q5.!p.."q-.!p...p,.!p..%q..!p..'q/.!p.. q1.!p.. p+.!

                                                                                        File Icon

                                                                                        Icon Hash:a6aea2aebaa6aeb2

                                                                                        Static PE Info

                                                                                        General

                                                                                        Entrypoint:0x4a9daf
                                                                                        Entrypoint Section:.text
                                                                                        Digitally signed:true
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0x619D6959 [Tue Nov 23 22:21:13 2021 UTC]
                                                                                        TLS Callbacks:0x4a9db9, 0x4a9e49, 0x4d2a40
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:6
                                                                                        OS Version Minor:1
                                                                                        File Version Major:6
                                                                                        File Version Minor:1
                                                                                        Subsystem Version Major:6
                                                                                        Subsystem Version Minor:1
                                                                                        Import Hash:b94eccd5d977b94e2c3f084d2f0a688e

                                                                                        Authenticode Signature

                                                                                        Signature Valid:false
                                                                                        Signature Issuer:CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE
                                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                                        Error Number:-2146869232
                                                                                        Not Before, Not After
                                                                                        • 1/14/2021 5:44:18 PM 1/15/2024 5:44:18 PM
                                                                                        Subject Chain
                                                                                        • CN=TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED, O=TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED, STREET=9622 Chemainus Rd, L=Chemainus, S=British Columbia, C=CA, OID.1.3.6.1.4.1.311.60.2.1.2=British Columbia, OID.1.3.6.1.4.1.311.60.2.1.3=CA, SERIALNUMBER=0831950, OID.2.5.4.15=Private Organization
                                                                                        Version:3
                                                                                        Thumbprint MD5:3DEC1575AB79027EC2E540CDBA7C9504
                                                                                        Thumbprint SHA-1:8DDA7D281E7FAE6627A6304165A485024DABAC7F
                                                                                        Thumbprint SHA-256:DFBE76E10EF28910AEB34A5037F178A17332632DFE87038D56A9DB5504B85012
                                                                                        Serial:462B7A9B55452A7AD49BEB73

                                                                                        Entrypoint Preview

                                                                                        Instruction
                                                                                        call 00007FEBB058323Dh
                                                                                        jmp 00007FEBB058245Fh
                                                                                        push ebp
                                                                                        mov ebp, esp
                                                                                        push FFFFFFFFh
                                                                                        push 0067D970h
                                                                                        mov eax, dword ptr fs:[00000000h]
                                                                                        push eax
                                                                                        push ebx
                                                                                        push esi
                                                                                        push edi
                                                                                        mov eax, dword ptr [0076A698h]
                                                                                        xor eax, ebp
                                                                                        push eax
                                                                                        lea eax, dword ptr [ebp-0Ch]
                                                                                        mov dword ptr fs:[00000000h], eax
                                                                                        cmp dword ptr [ebp+0Ch], 02h
                                                                                        jne 00007FEBB0582624h
                                                                                        mov ecx, dword ptr [00771C48h]
                                                                                        mov eax, dword ptr fs:[0000002Ch]
                                                                                        mov eax, dword ptr [eax+ecx*4]
                                                                                        cmp byte ptr [eax+00000010h], 00000001h
                                                                                        je 00007FEBB058260Ch
                                                                                        mov byte ptr [eax+00000010h], 00000001h
                                                                                        mov esi, 0068D910h
                                                                                        mov ebx, 0068D918h
                                                                                        jmp 00007FEBB05825F5h
                                                                                        mov edi, dword ptr [esi]
                                                                                        test edi, edi
                                                                                        je 00007FEBB05825ECh
                                                                                        mov ecx, edi
                                                                                        call dword ptr [0068D6C8h]
                                                                                        call edi
                                                                                        add esi, 04h
                                                                                        cmp esi, ebx
                                                                                        jne 00007FEBB05825CBh
                                                                                        mov ecx, dword ptr [ebp-0Ch]
                                                                                        mov dword ptr fs:[00000000h], ecx
                                                                                        pop ecx
                                                                                        pop edi
                                                                                        pop esi
                                                                                        pop ebx
                                                                                        leave
                                                                                        retn 000Ch
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        int3
                                                                                        push 00000000h
                                                                                        push 00000002h
                                                                                        push 00000000h
                                                                                        call 00007FEBB0582556h
                                                                                        ret
                                                                                        push ebp
                                                                                        mov ebp, esp
                                                                                        push ecx
                                                                                        push ecx
                                                                                        cmp dword ptr [ebp+0Ch], 03h
                                                                                        je 00007FEBB05825E8h
                                                                                        cmp dword ptr [ebp+0Ch], 00000000h
                                                                                        jne 00007FEBB058264Ah
                                                                                        mov ecx, dword ptr [00771C48h]
                                                                                        mov eax, dword ptr fs:[0000002Ch]
                                                                                        push ebx
                                                                                        push esi
                                                                                        mov ebx, dword ptr [eax+ecx*4]
                                                                                        mov dword ptr [ebp-08h], ebx
                                                                                        mov esi, dword ptr [ebx+00000018h]
                                                                                        test esi, esi

                                                                                        Data Directories

                                                                                        NameVirtual AddressVirtual Size Is in Section
                                                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x3672340x118.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x3e00000x6090.rsrc
                                                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x38e4000x3580.data
                                                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x3e70000x191e8.reloc
                                                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x3532400x54.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_TLS0x3533800x18.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x3532980x40.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_IAT0x28d0000x6c8.rdata
                                                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                        Sections

                                                                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                        .text0x10000x28b5fc0x28b600unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                        .rdata0x28d0000xdc7460xdc800False0.35031134849773243data5.680095263766367IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .data0x36a0000x756900x6e00False0.2666903409090909data3.9570831144729834IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                        .rsrc0x3e00000x60900x6200False0.15306122448979592data4.948236833700885IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                        .reloc0x3e70000x191e80x19200False0.5213872046019901data6.565975516505037IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                        Resources

                                                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                        XML0x3e47a00xf7cXML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.2580726538849647
                                                                                        RT_ICON0x3e03200x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishUnited States0.07603734439834024
                                                                                        RT_ICON0x3e28c80x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishUnited States0.10037523452157598
                                                                                        RT_ICON0x3e39700x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.1680327868852459
                                                                                        RT_ICON0x3e42f80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.26063829787234044
                                                                                        RT_DIALOG0x3e57200x112dataEnglishUnited States0.6824817518248175
                                                                                        RT_DIALOG0x3e58380xb2dataEnglishUnited States0.6629213483146067
                                                                                        RT_STRING0x3e5de00x2edataEnglishUnited States0.5434782608695652
                                                                                        RT_ACCELERATOR0x3e58f00x70dataEnglishUnited States0.6785714285714286
                                                                                        RT_GROUP_ICON0x3e47600x3edataEnglishUnited States0.8064516129032258
                                                                                        RT_VERSION0x3e59600x47cdataEnglishUnited States0.4076655052264808
                                                                                        RT_MANIFEST0x3e5e100x280XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.553125

                                                                                        Imports

                                                                                        DLLImport
                                                                                        KERNEL32.dlllstrcmpA, WriteConsoleW, AttachConsole, FreeConsole, MultiByteToWideChar, SystemTimeToFileTime, lstrlenW, SetThreadPriority, lstrcpyA, IsBadReadPtr, lstrcmpiW, LocalFree, LoadLibraryExW, GetProcAddress, GetModuleHandleW, IsBadWritePtr, GlobalSize, SetFilePointer, DuplicateHandle, SetCriticalSectionSpinCount, EnumSystemLocalesEx, LocaleNameToLCID, TryAcquireSRWLockShared, TryAcquireSRWLockExclusive, AcquireSRWLockShared, ReleaseSRWLockShared, CreateFileMappingW, MoveFileW, GetOverlappedResult, GetModuleFileNameW, FreeLibrary, GetSystemTime, CloseHandle, GetStdHandle, InitializeCriticalSectionEx, GetLastError, RaiseException, DecodePointer, GetUserDefaultLangID, GetLocaleInfoW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindResourceW, VirtualAlloc, VirtualFree, InitializeCriticalSection, GetModuleHandleA, FormatMessageA, FormatMessageW, WideCharToMultiByte, ReleaseMutex, WaitForSingleObject, CreateMutexA, GetCurrentProcessId, GetSystemInfo, MapViewOfFile, UnmapViewOfFile, CreateFileMappingA, GetNumberFormatW, GetCurrentProcess, GetVersionExA, VirtualQuery, CreateDirectoryW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, SizeofResource, RemoveDirectoryW, GetTempPathW, CreateMutexW, GetCurrentThread, GetSystemTimeAsFileTime, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, CompareStringW, QueryPerformanceCounter, lstrlenA, MulDiv, SetLastError, GetTickCount, FileTimeToDosDateTime, GetComputerNameExW, ExpandEnvironmentStringsW, SetFileAttributesW, Sleep, CopyFileExW, GetDiskFreeSpaceExW, GetFileTime, GetTempFileNameW, SetFileTime, CopyFileW, MoveFileExW, FileTimeToLocalFileTime, DosDateTimeToFileTime, LoadLibraryW, TryEnterCriticalSection, SetEvent, ResetEvent, CreateEventW, WaitForMultipleObjects, GlobalReAlloc, FindResourceExW, lstrcmpW, CompareFileTime, CreateFileW, GetFileSizeEx, ReadFile, SetEndOfFile, WriteFile, IsDebuggerPresent, OutputDebugStringW, EncodePointer, InitializeSListHead, InterlockedPopEntrySList, InterlockedPushEntrySList, FlushInstructionCache, IsProcessorFeaturePresent, LoadLibraryExA, GetStringTypeW, WaitForSingleObjectEx, InitializeSRWLock, ReleaseSRWLockExclusive, AcquireSRWLockExclusive, InitializeConditionVariable, WakeConditionVariable, WakeAllConditionVariable, SleepConditionVariableCS, SleepConditionVariableSRW, GetCPInfo, QueryPerformanceFrequency, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, RtlUnwind, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, CreateThread, ExitThread, FreeLibraryAndExitThread, GetModuleHandleExW, VirtualProtect, ExitProcess, GetFileType, LCMapStringW, SetFilePointerEx, FindFirstFileExW, IsValidCodePage, GetACP, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableW, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, ReadConsoleW, LockResource, LoadResource, FreeResource, GetCurrentThreadId, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, LeaveCriticalSection, EnterCriticalSection, GetProcessHeap, HeapSize, HeapFree, HeapReAlloc, HeapAlloc, GetFileAttributesW, HeapDestroy
                                                                                        USER32.dllEmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, wsprintfW, PeekMessageW, GetMessageW, InsertMenuW, GetSubMenu, UnregisterClassW, DefWindowProcW, DestroyWindow, CharNextW, DestroyMenu, CreatePopupMenu, LoadMenuW, MessageBoxW, FillRect, SetCursor, GetSystemMetrics, IsWindowEnabled, ScreenToClient, ClientToScreen, TrackPopupMenu, RedrawWindow, InvalidateRect, LoadCursorW, BeginPaint, ReleaseDC, GetWindowDC, GetDC, TrackPopupMenuEx, SetFocus, LoadImageW, wsprintfA, DialogBoxParamW, SetWindowLongW, GetDesktopWindow, IsWindow, EndDialog, IsWindowVisible, MoveWindow, ShowWindow, CreateWindowExW, GetClassInfoExW, RegisterClassExW, CallWindowProcW, PostMessageW, GetMonitorInfoW, MonitorFromWindow, GetWindow, GetParent, GetWindowLongW, MapWindowPoints, GetWindowRect, GetClientRect, SetWindowTextW, GetSysColorBrush, GetSysColor, SetMenuDefaultItem, GetDlgCtrlID, EnableWindow, SetForegroundWindow, MonitorFromPoint, DrawIconEx, DestroyIcon, CheckMenuRadioItem, GetClassLongW, OffsetRect, IsClipboardFormatAvailable, RegisterClipboardFormatW, GetClipboardData, CharLowerBuffA, InflateRect, EndPaint, GetDlgItem, SetWindowPos, SendMessageW, CopyRect, GetActiveWindow, IntersectRect, PostThreadMessageW
                                                                                        ADVAPI32.dllRegEnumValueW, LsaLookupNames2, RegSetValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, OpenProcessToken, OpenThreadToken, GetSidIdentifierAuthority, GetSidSubAuthority, GetTokenInformation, RegQueryValueExW, RegDeleteTreeW, RegSetValueExA, GetLengthSid, LsaFreeMemory, LsaClose, LsaOpenPolicy
                                                                                        SHELL32.dllSHGetFolderPathW, SHBrowseForFolderW, SHGetPathFromIDListW, SHFileOperationW, SHGetFileInfoW, CommandLineToArgvW
                                                                                        ole32.dllCoTaskMemFree, CoInitialize, CoSetProxyBlanket, CoInitializeEx, IIDFromString, CreateStreamOnHGlobal, CoGetApartmentType, CoCreateGuid, CoInitializeSecurity, OleRun, CLSIDFromProgID, GetHGlobalFromStream, CoUninitialize, CoCreateInstance, CoTaskMemAlloc, StringFromGUID2, CoTaskMemRealloc
                                                                                        OLEAUT32.dllSafeArrayUnaccessData, GetErrorInfo, VarDecCmp, VarDecFromStr, VarDateFromStr, VarR8FromStr, VarI4FromStr, SysStringByteLen, SysAllocStringLen, SysAllocStringByteLen, LoadRegTypeLib, LoadTypeLib, VariantChangeType, VariantCopy, VariantClear, VariantInit, SysStringLen, SafeArrayAccessData, VarUI4FromStr, SysFreeString, VariantCopyInd, SysAllocString
                                                                                        SHLWAPI.dllPathIsURLW, SHDeleteKeyW, StrToIntW, StrRChrW, StrStrIW, PathCanonicalizeW, StrFormatByteSizeW
                                                                                        COMCTL32.dll_TrackMouseEvent, ImageList_LoadImageW, InitCommonControlsEx
                                                                                        UxTheme.dllGetThemeInt, OpenThemeData, SetWindowTheme, DrawThemeParentBackground, CloseThemeData, IsThemeActive, DrawThemeBackground
                                                                                        RPCRT4.dllUuidFromStringW
                                                                                        WININET.dllInternetAttemptConnect, InternetSetCookieW, HttpEndRequestW, HttpSendRequestExW, HttpAddRequestHeadersW, FtpOpenFileW, InternetSetStatusCallbackW, InternetQueryOptionW, InternetQueryDataAvailable, InternetWriteFile, FtpRemoveDirectoryW, FtpCreateDirectoryW, FtpRenameFileW, FtpDeleteFileW, FtpPutFileW, FtpFindFirstFileW, InternetFindNextFileW, InternetCrackUrlW, HttpQueryInfoW, HttpSendRequestW, HttpOpenRequestW, InternetGetLastResponseInfoW, InternetCloseHandle, InternetConnectW, InternetOpenW, InternetSetOptionW, InternetReadFile
                                                                                        GDI32.dllGetMetaFileBitsEx, RealizePalette, SelectPalette, SetDIBitsToDevice, GetDeviceCaps, StretchDIBits, GetEnhMetaFileBits, GetDIBits, CreateRectRgnIndirect, BitBlt, CreatePalette, StretchBlt, Polygon, CreatePen, CreateCompatibleDC, CreateCompatibleBitmap, GetTextMetricsW, SelectObject, GetStockObject, ExcludeClipRect, DeleteObject, DeleteDC, CombineRgn, ExtTextOutW, SetBkColor, CopyEnhMetaFileW, SetStretchBltMode, SetWinMetaFileBits, GetEnhMetaFileHeader, SetEnhMetaFileBits, DeleteEnhMetaFile, GdiFlush, LPtoDP, DPtoLP, GetObjectW, CreateDIBSection, PlayEnhMetaFile
                                                                                        COMDLG32.dllCommDlgExtendedError, GetSaveFileNameW, GetOpenFileNameW

                                                                                        Possible Origin

                                                                                        Language of compilation systemCountry where language is spokenMap
                                                                                        EnglishUnited States

                                                                                        Network Behavior

                                                                                        Network Port Distribution

                                                                                        TCP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Sep 15, 2023 05:49:50.381211042 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:50.381268024 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:50.381340027 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:50.389348984 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:50.389372110 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:50.599061966 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:50.599505901 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:50.602502108 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:50.602521896 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:50.602788925 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:50.657562017 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:50.897326946 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:50.940690041 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.118750095 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.118814945 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.118887901 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:51.155716896 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:51.155754089 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.155772924 CEST49710443192.168.2.4104.18.6.142
                                                                                        Sep 15, 2023 05:49:51.155781031 CEST44349710104.18.6.142192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.271941900 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.271975994 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.272048950 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.272725105 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.272738934 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.469806910 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.469944954 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.471494913 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.471503019 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.471882105 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.473812103 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.520641088 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.756169081 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.757163048 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.757222891 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.757245064 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.757441998 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.757493973 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.757502079 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758124113 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758172989 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.758179903 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758330107 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758393049 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.758399010 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758481026 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758523941 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.758533955 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758687019 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758733988 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.758740902 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758833885 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758898020 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.758904934 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.758980036 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.759023905 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.759030104 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.759216070 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.759262085 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.759267092 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.759485960 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.759530067 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.759536982 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.759874105 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.759922981 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.759932041 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.760032892 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.760077000 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.760082960 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.760215044 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.760258913 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.760267973 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.760700941 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.760751009 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.760759115 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.760910988 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.760958910 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.760965109 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.761128902 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.761173964 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.761181116 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.764708996 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.764755011 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.764761925 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.764863968 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.764909983 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.764916897 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.764991999 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.765033960 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.765039921 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.765510082 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.765554905 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.765561104 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.765762091 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.765813112 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.765820026 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.765868902 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.766284943 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.766345978 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.849181890 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.849291086 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.849438906 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.849510908 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.849765062 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.849845886 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.849855900 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.849901915 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.850188017 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.850249052 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.850495100 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.850552082 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.850760937 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.850825071 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.850836992 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.850888968 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.850917101 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.851016045 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.851022959 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.851047039 CEST49711443192.168.2.4104.18.6.94
                                                                                        Sep 15, 2023 05:49:51.851058960 CEST44349711104.18.6.94192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.963932991 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:51.963973999 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.964394093 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:51.964394093 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:51.964421988 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.278706074 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.278825045 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.280177116 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.280186892 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.280446053 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.281470060 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.324661016 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.390459061 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.390508890 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.390588999 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.390650034 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.390676975 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.390705109 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.393402100 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.393454075 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.393471956 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.395577908 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.395621061 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.395627975 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.399194956 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.399241924 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.399256945 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.402112007 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.402158022 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.402170897 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.425220013 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.425239086 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.425298929 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.425322056 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.425399065 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.495768070 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.495795012 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.495892048 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.495929003 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.495975018 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.512330055 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.512346983 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.512451887 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.512466908 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.512510061 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.525017977 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.525033951 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.525095940 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.525106907 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.525156021 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.535402060 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.535418034 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.535484076 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.535492897 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.535537958 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.590128899 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.590179920 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.590223074 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.590234995 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.590270042 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.590306044 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.600414991 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.600460052 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.600498915 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.600506067 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.600533962 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.600564003 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.608808994 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.608854055 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.608891964 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.608899117 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.608927011 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.608942986 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.615880013 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.615925074 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.615964890 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.615971088 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.615997076 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.616025925 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.622826099 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.622842073 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.622906923 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.622912884 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.622951984 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.628742933 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.628757000 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.628814936 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.628822088 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.628861904 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.635085106 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.635103941 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.635165930 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.635174036 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.635215998 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.641237020 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.641252995 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.641320944 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.641326904 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.641371012 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.680494070 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.680540085 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.680599928 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.680685043 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.680732012 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.680753946 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.686228037 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.686270952 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.686403036 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.686403036 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.686419964 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.686475039 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.691163063 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.691206932 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.691248894 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.691261053 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.691297054 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.691317081 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.696283102 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.696345091 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.696373940 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.696386099 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.696413040 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.696429968 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.700730085 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.700772047 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.700813055 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.700824976 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.700858116 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.700886011 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.704655886 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.704703093 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.704731941 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.704744101 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.704775095 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.704794884 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.709531069 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.709573030 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.709620953 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.709631920 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.709657907 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.709695101 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.712966919 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.713011026 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.713049889 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.713066101 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.713088036 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.713110924 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.716691017 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.716737032 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.716766119 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.716775894 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.716808081 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.716825008 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.721204042 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.721223116 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.721287012 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.721298933 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.721354008 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.722846031 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.722920895 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.722933054 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.726376057 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.726387978 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.726473093 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.726490021 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.726519108 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.729795933 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.729808092 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.729876995 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.729892015 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.729918957 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.732765913 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.732779980 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.732846022 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.732863903 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.732892990 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.736159086 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.736171961 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.736249924 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.736272097 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.736296892 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.738974094 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.738986969 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.739058018 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.739077091 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.739101887 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.741779089 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.741792917 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.741857052 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.741872072 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.741911888 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.777060986 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.777107954 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.777156115 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.777169943 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.777199030 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.779431105 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.779472113 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.779500961 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.779506922 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.779562950 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.781851053 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.781893015 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.781939030 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.781941891 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.781966925 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.784393072 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.784440994 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.784451962 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.784471035 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.784549952 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.787245035 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.787285089 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.787327051 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.787331104 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.787363052 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.789798975 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.789844990 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.789864063 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.789869070 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.789910078 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.792871952 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.792912006 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.792952061 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.792956114 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.792987108 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.792987108 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.794661999 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.794708967 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.794756889 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.794760942 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.794790030 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.794790983 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.796732903 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.796772003 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.796792984 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.796797991 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.796834946 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.798352003 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.799484968 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.799532890 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.799565077 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.799568892 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.799679041 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.801315069 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.801361084 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.801373005 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.801387072 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.801467896 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.803421021 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.803463936 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.803486109 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.803491116 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.803524017 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.805963993 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.806009054 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.806019068 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.806030035 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.806060076 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.806837082 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.808054924 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.808094978 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.808129072 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.808132887 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.808156967 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.809892893 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.809941053 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.809957027 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.809966087 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.810009003 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.811671972 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.811712980 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.811737061 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.811742067 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.811779976 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.813676119 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.813719034 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.813723087 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.813750982 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.813755989 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.813787937 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.815977097 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.816020966 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.816035032 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.816045046 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.816088915 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.817236900 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.817285061 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.817295074 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.817323923 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.817327976 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.817349911 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.819494963 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.819542885 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.819562912 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.819566965 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.819628000 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.820950985 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.820990086 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.821012020 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.821017027 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.821042061 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.821058035 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.822979927 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.822993994 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.823040009 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.823043108 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.823074102 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.824714899 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.824731112 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.824769974 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.824774981 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.824800014 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.826153994 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.826165915 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.826209068 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.826212883 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.826236010 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.827903986 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.827920914 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.827950001 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.827955008 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.827980995 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.829576015 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.829587936 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.829643965 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.829648972 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.829670906 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.831188917 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.831206083 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.831239939 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.831243992 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.831269026 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.832637072 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.832649946 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.832690001 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.832695961 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.832722902 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.834011078 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.834027052 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.834069014 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.834074020 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.834109068 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.835608006 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.835625887 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.835669041 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.835674047 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.835704088 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.837246895 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.837265968 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.837291956 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.837296963 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.837331057 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.838471889 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.838486910 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.838546991 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.838552952 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.838584900 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.840462923 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.840483904 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.840517044 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.840522051 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.840559006 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.842664957 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.859442949 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.859527111 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.859528065 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.859549999 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.859581947 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.874399900 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.874449015 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.874464035 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.874470949 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.874502897 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.878174067 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.878213882 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.878233910 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.878238916 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.878309965 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.879967928 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.880007029 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.880029917 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.880045891 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.880069017 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.880846977 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.880892992 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.880912066 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.880917072 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.880959034 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.882739067 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.882777929 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.882781029 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.882802963 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.882814884 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.882841110 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.884239912 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.884285927 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.884314060 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.884319067 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.884355068 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.885806084 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.885845900 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.885874987 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.885946989 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.886013985 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.887125015 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.887164116 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.887182951 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.887187004 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.887218952 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.888583899 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.888643026 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.888648987 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.888672113 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.888705969 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.890008926 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.890048981 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.890063047 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.890073061 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.890096903 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.890114069 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.891266108 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.891305923 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.891333103 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.891336918 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.891366005 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.891808987 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.891869068 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.891872883 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.893187046 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.893234015 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.893239975 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.893254995 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.893290997 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.894277096 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.894324064 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.894344091 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.894347906 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.894380093 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.895601034 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.895647049 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.895652056 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.895687103 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.895724058 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.897712946 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.897752047 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.897773027 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.897777081 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.897804022 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.899348021 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.899374008 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.899394989 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.899399042 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.899422884 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.900861979 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.900875092 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.900904894 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.900911093 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.900933981 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.902169943 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.902188063 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.902219057 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.902224064 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.902251959 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.903827906 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.903840065 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.903878927 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.903882027 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.903908968 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.905107975 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.905124903 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.905157089 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.905162096 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.905186892 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.907069921 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.907083035 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.907124996 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.907130003 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.907155037 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.908245087 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.908260107 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.908288002 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.908291101 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.908314943 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.910121918 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.910135984 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.910166979 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.910171986 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.910196066 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.911529064 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.911545038 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.911571980 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.911576986 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.911601067 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.913362980 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.913386106 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.913412094 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.913417101 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.913439989 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.915005922 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.915021896 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.915055037 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.915059090 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.915082932 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.915929079 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.915941954 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.915980101 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.915985107 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.916007996 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.917129993 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.917150974 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.917185068 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.917190075 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.917212963 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.918385029 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.918396950 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.918437958 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.918442965 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.918467045 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.919703007 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.919722080 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.919749975 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.919753075 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.919775963 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.921355963 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.921402931 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:52.921410084 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:52.921448946 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.104697943 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.104769945 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.104820013 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.104868889 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.104887962 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.104914904 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.104938984 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.104959965 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.104959011 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.104980946 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.104994059 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105011940 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105022907 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105026960 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105045080 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105065107 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105084896 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105097055 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105127096 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105139017 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105139017 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105154991 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105175018 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105192900 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105205059 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105246067 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105284929 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105298996 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105310917 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105340004 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105353117 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105369091 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105391026 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105397940 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105397940 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105411053 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105433941 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105453014 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105453014 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105489969 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105539083 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105546951 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105547905 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105547905 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105550051 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105576038 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105587959 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105598927 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105647087 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105648041 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105662107 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105704069 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105705976 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105720997 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105737925 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105750084 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105750084 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105772018 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105777025 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105784893 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105798006 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105809927 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105834961 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105835915 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105844975 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105871916 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105880976 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105900049 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105906963 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105918884 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105946064 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105963945 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105983019 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.105989933 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.105989933 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106005907 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106040955 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106051922 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106051922 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106051922 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106086016 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106093884 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106101036 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106108904 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106120110 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106142044 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106144905 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106153011 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106178999 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106182098 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106199026 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106204033 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106214046 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106230974 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106236935 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106256008 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106277943 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106288910 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106303930 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106319904 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106345892 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106355906 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106383085 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106384993 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106395006 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106401920 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106421947 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106431007 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106447935 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106453896 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106460094 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106472015 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106481075 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106503010 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106513023 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106513977 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106513977 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106534958 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106543064 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106560946 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106580973 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106597900 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.106623888 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106623888 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.106652975 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.312742949 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.360675097 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.572664022 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.572751045 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.581909895 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.581923962 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.582068920 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.583993912 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584000111 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584038019 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584079027 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584111929 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584145069 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584182024 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584182024 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584182024 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584189892 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584239006 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584263086 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584292889 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584340096 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584399939 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584424973 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584424973 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584424973 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584424973 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584424973 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584433079 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584455013 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584517956 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584557056 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584575891 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584605932 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584685087 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584739923 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584739923 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584739923 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584739923 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584739923 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584739923 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584739923 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584749937 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584801912 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584834099 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584834099 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584861040 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.584880114 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584937096 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584969044 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.584992886 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.585057020 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.585064888 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.585110903 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.585146904 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.585191011 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.647891998 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.647934914 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.648183107 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650281906 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650289059 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650326967 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650346041 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650368929 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650501966 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650501966 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650537968 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650558949 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650574923 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650594950 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650599957 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650613070 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650623083 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650625944 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650635004 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650667906 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650677919 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650690079 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650721073 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650728941 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650747061 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.650769949 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650816917 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.650872946 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.741787910 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.741832972 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.741961956 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.746723890 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.746735096 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.746808052 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.746840954 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.746891022 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.746917009 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.746954918 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.746968031 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.747060061 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.747072935 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.747123003 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.747175932 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.747189045 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.747236013 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.747258902 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.747268915 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.747313976 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.747324944 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.747358084 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.747395039 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.747448921 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.834347963 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.834388018 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.834794044 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.841540098 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.841551065 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.841583014 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.841682911 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.841718912 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.841768026 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.841809988 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.841809988 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.841830969 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.841878891 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.841892958 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:53.841954947 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.842005014 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.954230070 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:53.962447882 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:54.054963112 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:54.055047989 CEST44349712146.75.28.193192.168.2.4
                                                                                        Sep 15, 2023 05:49:54.055088043 CEST49712443192.168.2.4146.75.28.193
                                                                                        Sep 15, 2023 05:49:54.055107117 CEST44349712146.75.28.193192.168.2.4

                                                                                        UDP Packets

                                                                                        TimestampSource PortDest PortSource IPDest IP
                                                                                        Sep 15, 2023 05:49:50.251422882 CEST5139153192.168.2.48.8.8.8
                                                                                        Sep 15, 2023 05:49:50.353744030 CEST53513918.8.8.8192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.168292999 CEST4978553192.168.2.48.8.8.8
                                                                                        Sep 15, 2023 05:49:51.270812988 CEST53497858.8.8.8192.168.2.4
                                                                                        Sep 15, 2023 05:49:51.866619110 CEST6387253192.168.2.48.8.8.8
                                                                                        Sep 15, 2023 05:49:51.962924004 CEST53638728.8.8.8192.168.2.4

                                                                                        DNS Queries

                                                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                        Sep 15, 2023 05:49:50.251422882 CEST192.168.2.48.8.8.80x1f25Standard query (0)wwf.orgA (IP address)IN (0x0001)false
                                                                                        Sep 15, 2023 05:49:51.168292999 CEST192.168.2.48.8.8.80xd6b6Standard query (0)www.worldwildlife.orgA (IP address)IN (0x0001)false
                                                                                        Sep 15, 2023 05:49:51.866619110 CEST192.168.2.48.8.8.80x8957Standard query (0)i.imgur.comA (IP address)IN (0x0001)false

                                                                                        DNS Answers

                                                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                        Sep 15, 2023 05:49:50.353744030 CEST8.8.8.8192.168.2.40x1f25No error (0)wwf.org104.18.6.142A (IP address)IN (0x0001)false
                                                                                        Sep 15, 2023 05:49:50.353744030 CEST8.8.8.8192.168.2.40x1f25No error (0)wwf.org104.18.7.142A (IP address)IN (0x0001)false
                                                                                        Sep 15, 2023 05:49:51.270812988 CEST8.8.8.8192.168.2.40xd6b6No error (0)www.worldwildlife.org104.18.6.94A (IP address)IN (0x0001)false
                                                                                        Sep 15, 2023 05:49:51.270812988 CEST8.8.8.8192.168.2.40xd6b6No error (0)www.worldwildlife.org104.18.7.94A (IP address)IN (0x0001)false
                                                                                        Sep 15, 2023 05:49:51.962924004 CEST8.8.8.8192.168.2.40x8957No error (0)i.imgur.comipv4.imgur.map.fastly.netCNAME (Canonical name)IN (0x0001)false
                                                                                        Sep 15, 2023 05:49:51.962924004 CEST8.8.8.8192.168.2.40x8957No error (0)ipv4.imgur.map.fastly.net146.75.28.193A (IP address)IN (0x0001)false

                                                                                        HTTP Request Dependency Graph

                                                                                        • wwf.org
                                                                                        • www.worldwildlife.org
                                                                                        • i.imgur.com

                                                                                        HTTPS Proxied Packets

                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                        0192.168.2.449710104.18.6.142443C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        TimestampkBytes transferredDirectionData
                                                                                        2023-09-15 03:49:50 UTC0OUTGET / HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Host: wwf.org
                                                                                        2023-09-15 03:49:51 UTC0INHTTP/1.1 302 Found
                                                                                        Date: Fri, 15 Sep 2023 03:49:51 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0
                                                                                        Strict-Transport-Security: max-age=15552000
                                                                                        Location: https://www.worldwildlife.org?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm_content=wwf.org
                                                                                        Expires: Fri, 15 Sep 2023 03:49:51 GMT
                                                                                        X-Content-Type-Options: nosniff
                                                                                        Set-Cookie: X-Mapping-ekdchbfg=411FE24A7244FFAC40C1CA64CC9E9474; path=/
                                                                                        X-UA-Compatible: IE=edge
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 806de6f1589d17a1-EWR
                                                                                        2023-09-15 03:49:51 UTC0INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                        1192.168.2.449711104.18.6.94443C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        TimestampkBytes transferredDirectionData
                                                                                        2023-09-15 03:49:51 UTC0OUTGET /?utm_campaign=301-redirects&utm_source=wwf.org&utm_medium=referral&utm_content=wwf.org HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Host: www.worldwildlife.org
                                                                                        2023-09-15 03:49:51 UTC0INHTTP/1.1 200 OK
                                                                                        Date: Fri, 15 Sep 2023 03:49:51 GMT
                                                                                        Content-Type: text/html; charset=utf-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Cache-Control: max-age=0, private, must-revalidate
                                                                                        Strict-Transport-Security: max-age=63072000
                                                                                        Referrer-Policy: strict-origin-when-cross-origin
                                                                                        X-Permitted-Cross-Domain-Policies: none
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-XSS-Protection: 1; mode=block
                                                                                        X-Request-Id: 8c8217af-d54f-4b76-92cc-4f0ffadfb977
                                                                                        X-Download-Options: noopen
                                                                                        X-Frame-Options: SAMEORIGIN, SAMEORIGIN
                                                                                        X-Runtime: 0.014039
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-Content-Type-Options: nosniff
                                                                                        X-Powered-By: Phusion Passenger(R) Enterprise
                                                                                        Set-Cookie: auth_token=IlpyeXA3N0ZZMCtnODZoOWdQdHdkS1JldHRscGhXd3ZFSUNoL1lYcmRMTE1Vajh6ckNXTisyRC9mbUYwMGFkL3A2T0xDVjg3dnlQdVlRQkp1LytXYVRnPT0i--231ee9b9d2628865f6ea769624ee3395fb79ec51; path=/; secure
                                                                                        Status: 200 OK
                                                                                        Vary: Accept-Encoding
                                                                                        CF-Cache-Status: DYNAMIC
                                                                                        Set-Cookie: _wwf_session=BeyZ9GPVgYGajmfez2VOMEE3xPSJSv84lNbbRv7A%2BCho%2BejGwTs5y10wqH3kj1J6%2F410itSnngPNCoJ%2BFf%2B%2FJUF%2BNe6np%2F4V%2FhQ40vMWakuKH0P9Bd4YpENRvi7g5n1rQAj95Vv3KVJisbO0vOY%3D--kXisfbVFKO4pPs46--SNgzEiP%2BuxAfJNmJtch3vg%3D%3D; path=/; secure; HttpOnly
                                                                                        Set-Cookie: __cflb=02DiuGARDpWcJsBwRUA2iTBXTMvkpmmBMcWPBVwYLDUhz; SameSite=None; Secure; path=/; expires=Sat, 16-Sep-23 02:49:51 GMT; HttpOnly
                                                                                        Server: cloudflare
                                                                                        2023-09-15 03:49:51 UTC2INData Raw: 43 46 2d 52 41 59 3a 20 38 30 36 64 65 36 66 35 61 38 36 30 34 32 37 63 2d 45 57 52 0d 0a 61 6c 74 2d 73 76 63 3a 20 68 33 3d 22 3a 34 34 33 22 3b 20 6d 61 3d 38 36 34 30 30 0d 0a 0d 0a
                                                                                        Data Ascii: CF-RAY: 806de6f5a860427c-EWRalt-svc: h3=":443"; ma=86400
                                                                                        2023-09-15 03:49:51 UTC2INData Raw: 37 66 66 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 57 57 46 20 2d 20 45 6e 64 61 6e 67 65 72 65 64 20 53 70 65 63 69 65 73 20 43 6f 6e 73 65 72 76 61 74 69 6f 6e 20 7c 20 57 6f 72 6c 64 20 57 69 6c 64 6c 69 66 65 20 46 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 61 6c 6c 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d
                                                                                        Data Ascii: 7ffa<!DOCTYPE html><html class="js" lang="en"><head><title>WWF - Endangered Species Conservation | World Wildlife Fund</title><meta charset="utf-8"><meta name="robots" content="all"><meta name="viewport" content="width=device-width, initial-scale=
                                                                                        2023-09-15 03:49:51 UTC3INData Raw: 6e 64 20 2d 20 54 68 65 20 6c 65 61 64 69 6e 67 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20 69 6e 20 77 69 6c 64 6c 69 66 65 20 63 6f 6e 73 65 72 76 61 74 69 6f 6e 20 61 6e 64 20 65 6e 64 61 6e 67 65 72 65 64 20 73 70 65 63 69 65 73 2e 20 4c 65 61 72 6e 20 68 6f 77 20 79 6f 75 20 63 61 6e 20 68 65 6c 70 20 57 57 46 20 6d 61 6b 65 20 61 20 64 69 66 66 65 72 65 6e 63 65 2e 20 22 3e 0a 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 57 6f 72 6c 64 20 57 69 6c 64 6c 69 66 65 20 46 75 6e 64 20 2d 20 54 68 65 20 6c 65 61 64 69 6e 67 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20 69 6e 20 77 69 6c 64 6c 69 66 65 20 63 6f 6e 73 65 72 76 61 74 69 6f 6e 20 61 6e 64 20 65 6e 64 61 6e 67 65 72 65 64
                                                                                        Data Ascii: nd - The leading organization in wildlife conservation and endangered species. Learn how you can help WWF make a difference. "><meta property="og:description" content="World Wildlife Fund - The leading organization in wildlife conservation and endangered
                                                                                        2023-09-15 03:49:51 UTC4INData Raw: 66 2d 77 65 62 66 6f 6e 74 2d 66 63 64 37 35 32 36 39 64 61 37 38 34 31 37 31 61 36 30 38 37 38 32 37 35 33 30 64 37 66 37 34 35 37 33 62 36 63 31 35 30 65 37 64 65 30 62 31 62 32 37 64 62 37 32 63 37 33 65 38 62 30 34 61 2e 77 6f 66 66 32 22 20 61 73 3d 22 66 6f 6e 74 22 20 74 79 70 65 3d 22 66 6f 6e 74 2f 77 6f 66 66 32 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 0a 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 39 62 34 66 30 37 61 30 64 63 31 35 33 65 39 35 66 30 30 64 61 30 33 35 2d 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 28 66 75 6e 63 74 69 6f 6e 28 77 2c 64 2c 73 2c 6c 2c 69 29 7b 77 5b 6c 5d 3d 77 5b 6c 5d 7c 7c 5b 5d 3b 77 5b 6c 5d 2e 70 75 73 68 28 7b 27 67 74 6d 2e 73 74 61 72 74 27 3a 0a 20 20 20 20 6e 65 77 20 44 61 74 65 28 29 2e 67
                                                                                        Data Ascii: f-webfont-fcd75269da784171a6087827530d7f74573b6c150e7de0b1b27db72c73e8b04a.woff2" as="font" type="font/woff2" crossorigin><script type="9b4f07a0dc153e95f00da035-text/javascript">(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().g
                                                                                        2023-09-15 03:49:51 UTC6INData Raw: 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 23 73 74 61 74 69 73 74 69 63 5f 62 6c 6f 63 6b 5f 62 32 34 37 66 66 20 2e 68 6f 6d 65 70 61 67 65 2d 69 6d 70 61 63 74 5f 5f 73 74 61 74 2d 6e 75 6d 62 65 72 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 7d 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 23 69 6d 70 61 63 74 5f 62 6c 6f 63 6b 5f 31 62 63 31 38 62 20 2e 68 6f 6d 65 70 61 67 65 2d 62 75 74 74 6f 6e 5f 5f 31 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 46 46 46 46 46 46 3b 0a 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 33 34 35 37 33 61 3b 0a 0a 20 20 20 20 7d 0a 0a 20 20 20 20 23 69 6d 70 61 63 74
                                                                                        Data Ascii: } </style><style> #statistic_block_b247ff .homepage-impact__stat-number { color: #000000; } </style><style> #impact_block_1bc18b .homepage-button__1 { color: #FFFFFF; background-color: #34573a; } #impact
                                                                                        2023-09-15 03:49:51 UTC7INData Raw: 37 33 33 65 38 35 20 2e 68 6f 6d 65 70 61 67 65 2d 6c 67 2d 63 61 6d 70 61 69 67 6e 2d 74 65 78 74 20 7b 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 30 30 30 30 3b 0a 20 20 20 20 20 20 7d 0a 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 3c 2f 73 74 79 6c 65 3e 0a 3c 73 74 79 6c 65 3e 0a 20 20 20 20 23 6c 61 72 67 65 5f 6e 65 77 73 5f 62 6c 6f 63 6b 5f 66 64 38 62 37 65 20 2e 68 6f 6d 65 70 61 67 65 2d 70 6f 73 74 65 72 5f 5f 63 6f 6e 74 65 6e 74 20 61 3a 3a 62 65 66 6f 72 65 20 7b 0a 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 44 35 35 43 31 39 3b 0a 20 20 20 20 7d 0a 0a 20 20 20 20 23 6c 61 72 67 65 5f 6e 65 77 73 5f 62 6c 6f 63 6b 5f 66 64 38 62 37 65 20 2e 68 6f 6d 65 70 61 67 65 2d 63 61
                                                                                        Data Ascii: 733e85 .homepage-lg-campaign-text { color: #000000; } </style><style> </style><style> #large_news_block_fd8b7e .homepage-poster__content a::before { background-color: #D55C19; } #large_news_block_fd8b7e .homepage-ca
                                                                                        2023-09-15 03:49:51 UTC8INData Raw: 69 64 74 68 3d 22 30 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 76 69 73 69 62 69 6c 69 74 79 3a 68 69 64 64 65 6e 22 3e 3c 2f 69 66 72 61 6d 65 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 0a 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 39 62 34 66 30 37 61 30 64 63 31 35 33 65 39 35 66 30 30 64 61 30 33 35 2d 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 0a 09 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 66 62 2d 72 6f 6f 74 22 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6c 6f 67 6f 2d 68 65 61 64 65 72 22 3e 0a 3c 61 20 69 64 3d 22 68 65 61 64 65 72 2d 73 6b 69 70 2d 6e 61 76 69
                                                                                        Data Ascii: idth="0" style="display:none;visibility:hidden"></iframe></noscript><script type="9b4f07a0dc153e95f00da035-text/javascript"></script><div id="fb-root"></div><div id="header"><div class="wrapper"><div class="logo-header"><a id="header-skip-navi
                                                                                        2023-09-15 03:49:51 UTC10INData Raw: 74 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 2f 35 32 37 31 37 2f 64 6f 6e 61 74 65 2f 31 3f 65 6e 5f 6f 67 5f 73 6f 75 72 63 65 3d 57 65 62 5f 44 6f 6e 61 74 69 6f 6e 26 61 6d 70 3b 65 61 2e 74 72 61 63 6b 69 6e 67 2e 69 64 3d 57 65 62 5f 54 6f 70 6e 61 76 26 61 6d 70 3b 73 75 70 70 6f 72 74 65 72 2e 61 70 70 65 61 6c 43 6f 64 65 3d 41 57 45 32 34 30 32 4f 51 31 38 32 39 39 41 30 31 31 37 39 52 58 22 3e 0a 44 6f 6e 61 74 65 0a 3c 2f 61 3e 20 3c 2f 6c 69 3e 0a 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 61 63 74 69 6f 6e 20 61 63 74 69 6f 6e 2d 6c 69 6e 6b 20 61 63 74 69 6f 6e 2d 73 65 63 6f 6e 64 61 72 79 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65
                                                                                        Data Ascii: t.worldwildlife.org/page/52717/donate/1?en_og_source=Web_Donation&amp;ea.tracking.id=Web_Topnav&amp;supporter.appealCode=AWE2402OQ18299A01179RX">Donate</a> </li><li class="nav-item"><a class="action action-link action-secondary" data-track-event="Home
                                                                                        2023-09-15 03:49:51 UTC11INData Raw: 6e 61 6d 65 3d 22 63 78 22 20 76 61 6c 75 65 3d 22 30 30 33 34 34 33 33 37 34 33 39 36 33 36 39 32 37 37 36 32 34 3a 76 33 6e 72 61 71 68 6d 65 79 6b 22 20 2f 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 68 69 64 64 65 6e 22 20 6e 61 6d 65 3d 22 69 65 22 20 76 61 6c 75 65 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6c 61 62 65 6c 20 66 6f 72 3d 22 6d 6f 62 69 6c 65 2d 71 22 3e 53 65 61 72 63 68 3c 2f 6c 61 62 65 6c 3e 0a 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 74 65 78 74 22 20 6e 61 6d 65 3d 22 78 22 20 69 64 3d 22 6d 6f 62 69 6c 65 2d 71 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 54 79 70 65 20 74 6f 20 73 65 61 72 63 68 2e 2e 2e 22 20 2f 3e 0a 3c 62 75 74 74 6f 6e 20 6e 61 6d 65 3d 22 73 61 22 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 3e 3c 73 70 61 6e 20
                                                                                        Data Ascii: name="cx" value="003443374396369277624:v3nraqhmeyk" /><input type="hidden" name="ie" value="UTF-8" /><label for="mobile-q">Search</label><input type="text" name="x" id="mobile-q" placeholder="Type to search..." /><button name="sa" type="submit"><span
                                                                                        2023-09-15 03:49:51 UTC12INData Raw: 6c 69 63 6b 7c 54 6f 67 67 6c 65 20 44 6f 6e 61 74 65 20 44 72 6f 70 64 6f 77 6e 20 4c 69 6e 6b 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 72 65 61 64 65 72 22 3e 54 6f 67 67 6c 65 20 44 6f 6e 61 74 65 20 62 75 74 74 6f 6e 20 3c 2f 73 70 61 6e 3e 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e 20 2d 6f 70 65 6e 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 31 32 20 32 63 2d 2e 35 20 30 2d 2e 39 2e 34 2d 2e 39 2e 39 76 38 2e 31 37 48 32 2e 39 33 61 2e 39 33 2e 39 33
                                                                                        Data Ascii: lick|Toggle Donate Dropdown Links"><span class="screen-reader">Toggle Donate button </span><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" aria-hidden="true" class="svg-icon -open"><path d="M12 2c-.5 0-.9.4-.9.9v8.17H2.93a.93.93
                                                                                        2023-09-15 03:49:51 UTC14INData Raw: 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 44 6f 6e 61 74 65 20 2d 20 52 65 6e 65 77 20 79 6f 75 72 20 4d 65 6d 62 65 72 73 68 69 70 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 72 6f 74 65 63 74 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 2f 35 33 30 38 32 2f 64 6f 6e 61 74 65 2f 31 3f 65 6e 5f 6f 67 5f 73 6f 75 72 63 65 3d 57 65 62 5f 44 6f 6e 61 74 69 6f 6e 26 61 6d 70 3b 65 61 2e 74 72 61 63 6b 69 6e 67 2e 69 64 3d 57 65 62 5f 54 6f 70 6e 61 76 26 61 6d 70 3b 73 75 70 70 6f 72 74 65 72 2e 61 70 70 65 61 6c 43 6f 64 65 3d 41 57 45 32 34 30 32 4f 51 31 38 33 33 36 41 30 31 35 37 31 52 58 22 3e 0a 3c 73 70 61 6e 3e 52 65 6e 65 77 20 79 6f 75 72 20 4d 65 6d 62
                                                                                        Data Ascii: ent="Homepages Show|Upper Nav Click|Donate - Renew your Membership" href="https://protect.worldwildlife.org/page/53082/donate/1?en_og_source=Web_Donation&amp;ea.tracking.id=Web_Topnav&amp;supporter.appealCode=AWE2402OQ18336A01571RX"><span>Renew your Memb
                                                                                        2023-09-15 03:49:51 UTC15INData Raw: 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 54 6f 67 67 6c 65 20 41 64 6f 70 74 20 44 72 6f 70 64 6f 77 6e 20 4c 69 6e 6b 73 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 72 65 61 64 65 72 22 3e 54 6f 67 67 6c 65 20 41 64 6f 70 74 20 62 75 74 74 6f 6e 20 3c 2f 73 70 61 6e 3e 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e 20 2d 6f 70 65 6e 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 31 32 20 32 63 2d
                                                                                        Data Ascii: event="Homepages Show|Upper Nav Click|Toggle Adopt Dropdown Links"><span class="screen-reader">Toggle Adopt button </span><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" aria-hidden="true" class="svg-icon -open"><path d="M12 2c-
                                                                                        2023-09-15 03:49:51 UTC16INData Raw: 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 67 69 66 74 2d 63 65 6e 74 65 72 2f 67 69 66 74 73 2f 47 69 66 74 73 2d 61 6e 64 2d 41 63 63 65 73 73 6f 72 69 65 73 2e 61 73 70 78 3f 73 63 3d 41 57 59 32 32 30 39 4f 51 31 38 33 33 35 41 30 32 30 37 33 52 58 26 61 6d 70 3b 73 5f 73 75 62 73 72 63 3d 74 6f 70 6e 61 76 22 3e 0a 3c 73 70 61 6e 3e 4d 6f 72 65 20 47 69 66 74 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 20 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 73 22 3e 0a 3c 75 6c 20 63 6c 61 73 73 3d 22 6e 61 76 20 70 72 69 6d 61 72 79 2d 6e 61 76 22 3e 0a 3c 6c 69 20 63 6c 61 73 73
                                                                                        Data Ascii: .worldwildlife.org/gift-center/gifts/Gifts-and-Accessories.aspx?sc=AWY2209OQ18335A02073RX&amp;s_subsrc=topnav"><span>More Gifts</span></a> </li></ul></div></div></div></li></ul></div><div class="nav-items"><ul class="nav primary-nav"><li class
                                                                                        2023-09-15 03:49:51 UTC18INData Raw: 61 76 20 43 6c 69 63 6b 7c 4f 75 72 20 57 6f 72 6b 20 2d 20 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 69 6d 70 61 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 69 6e 69 74 69 61 74 69 76 65 73 22 3e 0a 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 69 6d 70 61 63 74 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e 20 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 38 2e 33 39 20 35 2e 34 35
                                                                                        Data Ascii: av Click|Our Work - Learn more about our impact" href="https://www.worldwildlife.org/initiatives">Learn more about our impact<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" aria-hidden="true" class="svg-icon "><path d="M8.39 5.45
                                                                                        2023-09-15 03:49:51 UTC19INData Raw: 20 2d 20 53 75 73 74 61 69 6e 61 62 69 6c 69 74 79 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 74 6f 70 69 63 73 2f 73 75 73 74 61 69 6e 61 62 69 6c 69 74 79 22 3e 53 75 73 74 61 69 6e 61 62 69 6c 69 74 79 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 67 72 6f 75 70 20 70 72 69 6d 61 72 79 22 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 6e 61 76 2d 68 65 61 64 65 72 22 3e 48 6f 77 20 77 65 20 77 6f 72 6b 3c 2f 73 70 61 6e 3e 0a 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67
                                                                                        Data Ascii: - Sustainability" href="https://www.worldwildlife.org/topics/sustainability">Sustainability</a></li></ul></div><div class="nav-group primary"><ul><li><span class="nav-header">How we work</span></li><li><a class="nav-link" data-track-event="Homepag
                                                                                        2023-09-15 03:49:51 UTC20INData Raw: 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 69 6d 70 61 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 69 6e 69 74 69 61 74 69 76 65 73 22 3e 0a 4c 65 61 72 6e 20 6d 6f 72 65 20 61 62 6f 75 74 20 6f 75 72 20 69 6d 70 61 63 74 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e 20 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 31 35 2e 36 37 20 31 31 2e 32 34 4c 39 2e 38 20 35 2e 33 34 41 2e 39 38 2e 39 38 20 30 20 30 30 39
                                                                                        Data Ascii: n more about our impact" href="https://www.worldwildlife.org/initiatives">Learn more about our impact<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" aria-hidden="true" class="svg-icon "><path d="M15.67 11.24L9.8 5.34A.98.98 0 009
                                                                                        2023-09-15 03:49:51 UTC22INData Raw: 73 76 67 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 70 61 6e 65 6c 22 20 69 64 3d 22 70 72 69 6d 61 72 79 2d 6e 61 76 2d 70 61 6e 65 6c 2d 31 36 35 22 20 72 6f 6c 65 3d 22 72 65 67 69 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 47 65 74 20 69 6e 76 6f 6c 76 65 64 22 20 68 69 64 64 65 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 69 6e 6e 65 72 20 6e 61 76 2d 69 74 65 6d 2d 64 72 6f 70 64 6f 77 6e 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 76 69 65 77 2d 61 6c 6c 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20
                                                                                        Data Ascii: svg></div></button><div class="nav-item-accordion-panel" id="primary-nav-panel-165" role="region" aria-label="Get involved" hidden><div class="nav-item-accordion-inner nav-item-dropdown"><a class="nav-view-all" data-track-event="Homepages Show|Upper
                                                                                        2023-09-15 03:49:51 UTC23INData Raw: 67 2f 70 61 67 65 73 2f 77 61 79 73 2d 74 6f 2d 73 75 70 70 6f 72 74 2d 77 77 66 22 3e 47 69 76 65 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 47 65 74 20 69 6e 76 6f 6c 76 65 64 20 2d 20 53 65 6e 64 20 65 63 61 72 64 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 73 2f 73 65 6e 64 2d 66 72 65 65 2d 65 63 61 72 64 73 2d 74 6f 2d 79 6f 75 72 2d 66 72 69 65 6e 64 73 2d 61 6e 64 2d 66 61 6d 69 6c 79 22 3e 53 65 6e 64 20 65 63 61 72 64 73 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69
                                                                                        Data Ascii: g/pages/ways-to-support-wwf">Give</a></li><li><a class="nav-link" data-track-event="Homepages Show|Upper Nav Click|Get involved - Send ecards" href="https://www.worldwildlife.org/pages/send-free-ecards-to-your-friends-and-family">Send ecards</a></li><li
                                                                                        2023-09-15 03:49:51 UTC24INData Raw: 61 64 65 72 2d 6e 61 76 2d 73 6f 63 69 61 6c 22 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 20 73 70 61 63 65 2d 61 72 6f 75 6e 64 3b 22 3e 0a 3c 64 69 76 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 2f 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 66 75 6e 64 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 53 6f 63 69 61 6c 20 4f 75 74 62 6f 75 6e 64 20 43 6c 69 63 6b 20 2d 20 46 6f 6f 74 65 72 7c 46 61 63 65 62 6f 6f 6b 22 20 64 61 74 61 2d 73 6f 63 69 61 6c 2d 63 6f 6f 6b 69 65 3d 22 66 61 63 65 62 6f 6f 6b 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d
                                                                                        Data Ascii: ader-nav-social" style="display: flex;justify-content: space-around;"><div><a href="https://www.facebook.com/worldwildlifefund" data-track-event="Homepages Show|Social Outbound Click - Footer|Facebook" data-social-cookie="facebook"><span class="screen-
                                                                                        2023-09-15 03:49:51 UTC26INData Raw: 2d 32 2e 31 20 33 2e 32 32 2d 33 2e 34 33 7a 22 20 66 69 6c 6c 3d 22 23 31 44 41 31 46 32 22 3e 3c 2f 70 61 74 68 3e 0a 3c 2f 73 76 67 3e 0a 3c 2f 61 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 69 6e 73 74 61 67 72 61 6d 2e 63 6f 6d 2f 57 6f 72 6c 64 5f 57 69 6c 64 6c 69 66 65 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 53 6f 63 69 61 6c 20 4f 75 74 62 6f 75 6e 64 20 43 6c 69 63 6b 20 2d 20 46 6f 6f 74 65 72 7c 49 6e 73 74 61 67 72 61 6d 22 20 64 61 74 61 2d 73 6f 63 69 61 6c 2d 63 6f 6f 6b 69 65 3d 22 69 6e 73 74 61 67 72 61 6d 22 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 72 65 61 64 65 72 22 3e 49 6e 73 74 61 67 72 61
                                                                                        Data Ascii: -2.1 3.22-3.43z" fill="#1DA1F2"></path></svg></a></div><div><a href="https://instagram.com/World_Wildlife" data-track-event="Homepages Show|Social Outbound Click - Footer|Instagram" data-social-cookie="instagram"><span class="screen-reader">Instagra
                                                                                        2023-09-15 03:49:51 UTC27INData Raw: 39 2e 39 36 20 30 20 30 31 2d 2e 36 32 2d 33 2e 33 35 63 2d 2e 30 39 2d 31 2e 39 2d 2e 31 2d 32 2e 34 36 2d 2e 31 2d 37 2e 32 37 20 30 2d 34 2e 38 2e 30 31 2d 35 2e 33 38 2e 31 2d 37 2e 32 37 2e 30 38 2d 31 2e 37 36 2e 33 37 2d 32 2e 37 31 2e 36 32 2d 33 2e 33 35 2e 33 32 2d 2e 38 34 2e 37 31 2d 31 2e 34 34 20 31 2e 33 34 2d 32 2e 30 37 61 35 2e 35 38 20 35 2e 35 38 20 30 20 30 31 32 2e 30 37 2d 31 2e 33 34 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 33 2e 33 35 2d 2e 36 32 63 31 2e 39 2d 2e 30 39 20 32 2e 34 36 2d 2e 31 20 37 2e 32 37 2d 2e 31 7a 6d 30 20 35 2e 35 32 61 39 2e 32 34 20 39 2e 32 34 20 30 20 31 30 30 20 31 38 2e 34 38 20 39 2e 32 34 20 39 2e 32 34 20 30 20 30 30 30 2d 31 38 2e 34 38 7a 4d 31 38 20 32 34 61 36 20 36 20 30 20 31 31 30 2d 31
                                                                                        Data Ascii: 9.96 0 01-.62-3.35c-.09-1.9-.1-2.46-.1-7.27 0-4.8.01-5.38.1-7.27.08-1.76.37-2.71.62-3.35.32-.84.71-1.44 1.34-2.07a5.58 5.58 0 012.07-1.34 9.96 9.96 0 013.35-.62c1.9-.09 2.46-.1 7.27-.1zm0 5.52a9.24 9.24 0 100 18.48 9.24 9.24 0 000-18.48zM18 24a6 6 0 110-1
                                                                                        2023-09-15 03:49:51 UTC28INData Raw: 2e 31 2d 32 2e 34 36 2d 2e 31 2d 37 2e 32 37 20 30 2d 34 2e 38 2e 30 31 2d 35 2e 33 38 2e 31 2d 37 2e 32 37 2e 30 38 2d 31 2e 37 36 2e 33 37 2d 32 2e 37 31 2e 36 32 2d 33 2e 33 35 2e 33 32 2d 2e 38 34 2e 37 31 2d 31 2e 34 34 20 31 2e 33 34 2d 32 2e 30 37 61 35 2e 35 38 20 35 2e 35 38 20 30 20 30 31 32 2e 30 37 2d 31 2e 33 34 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 33 2e 33 35 2d 2e 36 32 63 31 2e 39 2d 2e 30 39 20 32 2e 34 36 2d 2e 31 20 37 2e 32 37 2d 2e 31 7a 6d 30 20 35 2e 35 32 61 39 2e 32 34 20 39 2e 32 34 20 30 20 31 30 30 20 31 38 2e 34 38 20 39 2e 32 34 20 39 2e 32 34 20 30 20 30 30 30 2d 31 38 2e 34 38 7a 4d 31 38 20 32 34 61 36 20 36 20 30 20 31 31 30 2d 31 32 20 36 20 36 20 30 20 30 31 30 20 31 32 7a 4d 32 39 2e 37 37 20 38 2e 34 61 32 2e
                                                                                        Data Ascii: .1-2.46-.1-7.27 0-4.8.01-5.38.1-7.27.08-1.76.37-2.71.62-3.35.32-.84.71-1.44 1.34-2.07a5.58 5.58 0 012.07-1.34 9.96 9.96 0 013.35-.62c1.9-.09 2.46-.1 7.27-.1zm0 5.52a9.24 9.24 0 100 18.48 9.24 9.24 0 000-18.48zM18 24a6 6 0 110-12 6 6 0 010 12zM29.77 8.4a2.
                                                                                        2023-09-15 03:49:51 UTC30INData Raw: 32 37 20 30 2d 34 2e 38 2e 30 31 2d 35 2e 33 38 2e 31 2d 37 2e 32 37 2e 30 38 2d 31 2e 37 36 2e 33 37 2d 32 2e 37 31 2e 36 32 2d 33 2e 33 35 2e 33 32 2d 2e 38 34 2e 37 31 2d 31 2e 34 34 20 31 2e 33 34 2d 32 2e 30 37 61 35 2e 35 38 20 35 2e 35 38 20 30 20 30 31 32 2e 30 37 2d 31 2e 33 34 20 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 33 2e 33 35 2d 2e 36 32 63 31 2e 39 2d 2e 30 39 20 32 2e 34 36 2d 2e 31 20 37 2e 32 37 2d 2e 31 7a 6d 30 20 35 2e 35 32 61 39 2e 32 34 20 39 2e 32 34 20 30 20 31 30 30 20 31 38 2e 34 38 20 39 2e 32 34 20 39 2e 32 34 20 30 20 30 30 30 2d 31 38 2e 34 38 7a 4d 31 38 20 32 34 61 36 20 36 20 30 20 31 31 30 2d 31 32 20 36 20 36 20 30 20 30 31 30 20 31 32 7a 4d 32 39 2e 37 37 20 38 2e 34 61 32 2e 31 36 20 32 2e 31 36 20 30 20 31 31 2d
                                                                                        Data Ascii: 27 0-4.8.01-5.38.1-7.27.08-1.76.37-2.71.62-3.35.32-.84.71-1.44 1.34-2.07a5.58 5.58 0 012.07-1.34 9.96 9.96 0 013.35-.62c1.9-.09 2.46-.1 7.27-.1zm0 5.52a9.24 9.24 0 100 18.48 9.24 9.24 0 000-18.48zM18 24a6 6 0 110-12 6 6 0 010 12zM29.77 8.4a2.16 2.16 0 11-
                                                                                        2023-09-15 03:49:51 UTC31INData Raw: 61 74 68 20 66 69 6c 6c 3d 22 23 66 66 66 22 20 64 3d 22 4d 34 2e 35 20 31 30 2e 35 68 32 37 76 31 35 68 2d 32 37 7a 22 3e 3c 2f 70 61 74 68 3e 0a 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 63 6c 69 70 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 33 32 2e 30 35 20 36 2e 37 36 61 34 2e 35 36 20 34 2e 35 36 20 30 20 30 31 33 2e 32 20 33 2e 32 63 2e 37 35 20 32 2e 38 33 2e 37 35 20 38 2e 37 32 2e 37 35 20 38 2e 37 32 73 30 20 35 2e 39 2d 2e 37 34 20 38 2e 37 32 61 34 2e 35 32 20 34 2e 35 32 20 30 20 30 31 2d 33 2e 31 39 20 33 2e 32 63 2d 32 2e 38 32 2e 37 36 2d 31 34 2e 30 37 2e 37 36 2d 31 34 2e 30 37 2e 37 36 73 2d 31 31 2e 32 35 20 30 2d 31 34 2e 30 35 2d 2e 37 35 61 34 2e 35 36 20 34 2e 35 36 20 30 20 30
                                                                                        Data Ascii: ath fill="#fff" d="M4.5 10.5h27v15h-27z"></path><path fill-rule="evenodd" clip-rule="evenodd" d="M32.05 6.76a4.56 4.56 0 013.2 3.2c.75 2.83.75 8.72.75 8.72s0 5.9-.74 8.72a4.52 4.52 0 01-3.19 3.2c-2.82.76-14.07.76-14.07.76s-11.25 0-14.05-.75a4.56 4.56 0 0
                                                                                        2023-09-15 03:49:51 UTC32INData Raw: 67 6c 65 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 3e 41 62 6f 75 74 20 75 73 3c 2f 73 70 61 6e 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 72 65 61 64 65 72 22 3e 44 72 6f 70 64 6f 77 6e 20 4c 69 6e 6b 73 3c 2f 73 70 61 6e 3e 0a 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 34 20 32 34 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 22 74 72 75 65 22 20 63 6c 61 73 73 3d 22 73 76 67 2d 69 63 6f 6e 20 2d 6f 70 65 6e 22 3e 0a 3c 70 61 74 68 20 64 3d 22 4d 31 32 20 32 63 2d 2e 35 20 30 2d 2e 39 2e 34 2d 2e 39 2e 39 76 38 2e 31 37 48 32 2e 39 33 61 2e 39 33 2e 39 33 20 30 20
                                                                                        Data Ascii: gle</span><span>About us</span><span class="screen-reader">Dropdown Links</span></div><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" aria-hidden="true" class="svg-icon -open"><path d="M12 2c-.5 0-.9.4-.9.9v8.17H2.93a.93.93 0
                                                                                        2023-09-15 03:49:51 UTC34INData Raw: 32 30 38 63 0d 0a 67 3e 0a 3c 2f 61 3e 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 67 72 6f 75 70 2d 77 72 61 70 70 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 67 72 6f 75 70 20 70 72 69 6d 61 72 79 22 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 41 62 6f 75 74 20 75 73 20 2d 20 4d 69 73 73 69 6f 6e 20 61 6e 64 20 76 61 6c 75 65 73 20 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 73 2f 6f 75 72 2d 76 61 6c 75 65 73 22 3e 4d 69 73 73 69 6f 6e 20 61 6e 64 20 76
                                                                                        Data Ascii: 208cg></a> <div class="nav-group-wrapper"><div class="nav-group primary"><ul><li><a class="nav-link" data-track-event="Homepages Show|Upper Nav Click|About us - Mission and values " href="https://www.worldwildlife.org/pages/our-values">Mission and v
                                                                                        2023-09-15 03:49:51 UTC35INData Raw: 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 41 62 6f 75 74 20 75 73 20 2d 20 4e 65 77 73 72 6f 6f 6d 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 61 62 6f 75 74 2f 6e 65 77 73 2d 70 72 65 73 73 22 3e 4e 65 77 73 72 6f 6f 6d 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 41 62 6f 75 74 20 75 73 20 2d 20 46 69 6e 61 6e 63 69 61 6c 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f
                                                                                        Data Ascii: ="Homepages Show|Upper Nav Click|About us - Newsroom" href="https://www.worldwildlife.org/about/news-press">Newsroom</a></li><li><a class="nav-link" data-track-event="Homepages Show|Upper Nav Click|About us - Financials" href="https://www.worldwildlife.o
                                                                                        2023-09-15 03:49:51 UTC36INData Raw: 34 2d 2e 38 37 2e 38 2d 31 2e 37 38 2e 38 2d 32 2e 37 32 20 30 2d 31 2e 34 2d 2e 35 2d 32 2e 35 39 2d 31 2e 35 2d 33 2e 35 36 41 34 2e 38 37 20 34 2e 38 37 20 30 20 30 30 31 31 2e 31 32 20 36 63 2d 31 2e 34 32 20 30 2d 32 2e 36 34 2e 35 2d 33 2e 36 34 20 31 2e 34 39 41 34 2e 38 32 20 34 2e 38 32 20 30 20 30 30 36 20 31 31 2e 30 35 61 35 2e 30 33 20 35 2e 30 33 20 30 20 30 30 35 2e 31 32 20 35 2e 30 33 63 2e 39 33 20 30 20 31 2e 37 39 2d 2e 32 34 20 32 2e 35 37 2d 2e 37 32 6c 32 2e 35 20 32 2e 34 36 63 2e 32 33 2e 32 34 2e 35 2e 32 34 2e 37 37 20 30 6c 2e 38 36 2d 2e 38 37 63 2e 31 32 2d 2e 31 2e 31 38 2d 2e 32 33 2e 31 38 2d 2e 33 39 61 2e 34 38 2e 34 38 20 30 20 30 30 2d 2e 31 38 2d 2e 33 38 7a 6d 2d 39 2e 31 34 2d 32 2e 37 32 61 33 2e 32 36 20 33 2e 32
                                                                                        Data Ascii: 4-.87.8-1.78.8-2.72 0-1.4-.5-2.59-1.5-3.56A4.87 4.87 0 0011.12 6c-1.42 0-2.64.5-3.64 1.49A4.82 4.82 0 006 11.05a5.03 5.03 0 005.12 5.03c.93 0 1.79-.24 2.57-.72l2.5 2.46c.23.24.5.24.77 0l.86-.87c.12-.1.18-.23.18-.39a.48.48 0 00-.18-.38zm-9.14-2.72a3.26 3.2
                                                                                        2023-09-15 03:49:51 UTC38INData Raw: 37 39 2d 2e 32 34 20 32 2e 35 37 2d 2e 37 32 6c 32 2e 35 20 32 2e 34 36 63 2e 32 33 2e 32 34 2e 35 2e 32 34 2e 37 37 20 30 6c 2e 38 36 2d 2e 38 37 63 2e 31 32 2d 2e 31 2e 31 38 2d 2e 32 33 2e 31 38 2d 2e 33 39 61 2e 34 38 2e 34 38 20 30 20 30 30 2d 2e 31 38 2d 2e 33 38 7a 6d 2d 39 2e 31 34 2d 32 2e 37 32 61 33 2e 32 36 20 33 2e 32 36 20 30 20 30 31 2d 31 2e 30 32 2d 32 2e 34 63 30 2d 2e 39 35 2e 33 34 2d 31 2e 37 35 20 31 2e 30 32 2d 32 2e 34 32 2e 36 37 2d 2e 36 37 20 31 2e 34 38 2d 31 20 32 2e 34 34 2d 31 20 2e 39 35 20 30 20 31 2e 37 35 2e 33 33 20 32 2e 34 31 20 31 61 33 2e 32 36 20 33 2e 32 36 20 30 20 30 31 31 2e 30 32 20 32 2e 34 31 63 30 20 2e 39 34 2d 2e 33 34 20 31 2e 37 34 2d 31 2e 30 32 20 32 2e 34 31 61 33 2e 33 20 33 2e 33 20 30 20 30 31 2d
                                                                                        Data Ascii: 79-.24 2.57-.72l2.5 2.46c.23.24.5.24.77 0l.86-.87c.12-.1.18-.23.18-.39a.48.48 0 00-.18-.38zm-9.14-2.72a3.26 3.26 0 01-1.02-2.4c0-.95.34-1.75 1.02-2.42.67-.67 1.48-1 2.44-1 .95 0 1.75.33 2.41 1a3.26 3.26 0 011.02 2.41c0 .94-.34 1.74-1.02 2.41a3.3 3.3 0 01-
                                                                                        2023-09-15 03:49:51 UTC39INData Raw: 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 70 61 6e 65 6c 22 20 69 64 3d 22 61 63 74 69 6f 6e 2d 6e 61 76 2d 32 2d 70 61 6e 65 6c 2d 37 30 22 20 72 6f 6c 65 3d 22 72 65 67 69 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 44 6f 6e 61 74 65 22 20 68 69 64 64 65 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 69 6e 6e 65 72 20 6e 61 76 2d 69 74 65 6d 2d 64 72 6f 70 64 6f 77 6e 22 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e 0a 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 44 6f 6e 61 74 65 20 2d 20 4d 61 6b 65 20 61 20 44 6f 6e 61 74 69 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70
                                                                                        Data Ascii: nav-item-accordion-panel" id="action-nav-2-panel-70" role="region" aria-label="Donate" hidden><div class="nav-item-accordion-inner nav-item-dropdown"><ul><li><a data-track-event="Homepages Show|Upper Nav Click|Donate - Make a Donation" href="https://p
                                                                                        2023-09-15 03:49:51 UTC40INData Raw: 20 41 64 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 70 72 6f 74 65 63 74 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 70 61 67 65 2f 35 33 30 35 37 2f 64 6f 6e 61 74 65 2f 31 3f 65 6e 5f 6f 67 5f 73 6f 75 72 63 65 3d 57 65 62 5f 44 52 54 56 5f 54 69 67 65 72 26 61 6d 70 3b 65 61 2e 74 72 61 63 6b 69 6e 67 2e 69 64 3d 57 65 62 5f 54 6f 70 6e 61 76 26 61 6d 70 3b 73 75 70 70 6f 72 74 65 72 2e 61 70 70 65 61 6c 43 6f 64 65 3d 41 57 53 32 34 30 32 52 51 31 38 33 33 36 41 30 36 39 34 34 52 58 22 3e 0a 3c 73 70 61 6e 3e 52 65 73 70 6f 6e 64 20 74 6f 20 6f 75 72 20 54 56 20 41 64 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 20 3c 2f 6c 69 3e 0a 3c 6c 69 3e 0a 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53
                                                                                        Data Ascii: Ad" href="https://protect.worldwildlife.org/page/53057/donate/1?en_og_source=Web_DRTV_Tiger&amp;ea.tracking.id=Web_Topnav&amp;supporter.appealCode=AWS2402RQ18336A06944RX"><span>Respond to our TV Ad</span></a> </li><li><a data-track-event="Homepages S
                                                                                        2023-09-15 03:49:51 UTC42INData Raw: 3e 0a 3c 2f 73 76 67 3e 0a 3c 2f 62 75 74 74 6f 6e 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 70 61 6e 65 6c 22 20 69 64 3d 22 61 63 74 69 6f 6e 2d 6e 61 76 2d 32 2d 70 61 6e 65 6c 2d 37 31 22 20 72 6f 6c 65 3d 22 72 65 67 69 6f 6e 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 41 64 6f 70 74 22 20 68 69 64 64 65 6e 3e 0d 0a
                                                                                        Data Ascii: ></svg></button><div class="nav-item-accordion-panel" id="action-nav-2-panel-71" role="region" aria-label="Adopt" hidden>
                                                                                        2023-09-15 03:49:51 UTC42INData Raw: 37 66 66 61 0d 0a 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 2d 61 63 63 6f 72 64 69 6f 6e 2d 69 6e 6e 65 72 20 6e 61 76 2d 69 74 65 6d 2d 64 72 6f 70 64 6f 77 6e 22 3e 0a 3c 75 6c 3e 0a 3c 6c 69 3e 0a 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 55 70 70 65 72 20 4e 61 76 20 43 6c 69 63 6b 7c 41 64 6f 70 74 20 2d 20 41 64 6f 70 74 69 6f 6e 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 69 66 74 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 67 69 66 74 2d 63 65 6e 74 65 72 2f 67 69 66 74 73 2f 53 70 65 63 69 65 73 2d 41 64 6f 70 74 69 6f 6e 73 2e 61 73 70 78 3f 73 63 3d 41 57 59 32 32 30 39 4f 51 31 38 33 33 35 41 30 32 30 37 31 52 58 26 61 6d 70 3b 73
                                                                                        Data Ascii: 7ffa<div class="nav-item-accordion-inner nav-item-dropdown"><ul><li><a data-track-event="Homepages Show|Upper Nav Click|Adopt - Adoptions" href="https://gifts.worldwildlife.org/gift-center/gifts/Species-Adoptions.aspx?sc=AWY2209OQ18335A02071RX&amp;s
                                                                                        2023-09-15 03:49:51 UTC43INData Raw: 65 64 69 61 3d 22 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 32 30 30 70 78 29 22 3e 0a 3c 73 6f 75 72 63 65 20 73 72 63 73 65 74 3d 22 68 74 74 70 73 3a 2f 2f 66 69 6c 65 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 77 77 66 63 6d 73 70 72 6f 64 2f 69 6d 61 67 65 73 2f 42 65 68 61 74 69 5f 77 69 74 68 5f 52 68 69 6e 6f 73 2f 35 36 30 78 33 37 33 5f 68 61 73 68 2f 31 68 63 69 62 64 71 70 75 6e 5f 42 65 68 61 69 74 5f 77 69 74 68 5f 77 68 69 74 65 5f 72 68 69 6e 6f 5f 69 6e 5f 62 61 63 6b 67 72 6f 75 6e 64 2e 6a 70 67 22 20 6d 65 64 69 61 3d 22 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 30 30 70 78 29 22 3e 0a 3c 73 6f 75 72 63 65 20 73 72 63 73 65 74 3d 22 68 74 74 70 73 3a 2f 2f 66 69 6c 65 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72
                                                                                        Data Ascii: edia="(min-width: 1200px)"><source srcset="https://files.worldwildlife.org/wwfcmsprod/images/Behati_with_Rhinos/560x373_hash/1hcibdqpun_Behait_with_white_rhino_in_background.jpg" media="(min-width: 1000px)"><source srcset="https://files.worldwildlife.or
                                                                                        2023-09-15 03:49:51 UTC44INData Raw: 2d 6e 61 6d 69 62 69 61 2d 73 2d 62 6c 61 63 6b 2d 72 68 69 6e 6f 73 2d 61 6e 64 2d 77 68 61 74 2d 77 65 2d 63 61 6e 2d 64 6f 2d 74 6f 2d 73 61 76 65 2d 74 68 65 6d 22 3e 52 65 61 64 20 68 65 72 20 73 74 6f 72 79 3c 2f 61 3e 0a 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 20 67 75 74 74 65 72 2d 68 6f 72 69 7a 2d 69 6e 20 77 79 73 69 77 79 67 20 6c 65 61 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 6e 31 32 22 3e 0a 3c 73 74 79 6c 65 3e 0a 23 66 65 61 74 75 72 65 64 2d 73 74 6f 72 79 2d 6f 6e 6c 79 2d 6e 65 77 73 20 2b 20 23 77 6f 72 6b 2d 69 6e 2d 61 63 74 69 6f 6e 3e 2e 68 6f 6d 65 70 61 67 65 2d 6c
                                                                                        Data Ascii: -namibia-s-black-rhinos-and-what-we-can-do-to-save-them">Read her story</a></p></div></div></div><div class="wrapper"><div class="row gutter-horiz-in wysiwyg lead"><div class="span12"><style>#featured-story-only-news + #work-in-action>.homepage-l
                                                                                        2023-09-15 03:49:51 UTC46INData Raw: 73 66 6f 72 6d 3a 6e 6f 6e 65 3b 0a 7d 0a 2e 77 77 66 2e 68 6f 6d 65 70 61 67 65 5f 5f 68 65 61 64 69 6e 67 2e 2d 6c 61 72 67 65 2c 20 2e 77 77 66 2e 68 6f 6d 65 70 61 67 65 5f 5f 68 65 61 64 69 6e 67 2c 20 2e 68 6f 6d 65 70 61 67 65 2d 69 6d 70 61 63 74 5f 5f 68 65 61 64 69 6e 67 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 63 6c 61 6d 70 28 32 34 70 78 2c 32 2e 35 76 77 2c 33 30 70 78 29 3b 0a 7d 0a 68 32 2e 77 77 66 2e 68 6f 6d 65 70 61 67 65 2d 69 6d 70 61 63 74 5f 5f 68 65 61 64 69 6e 67 3a 62 65 66 6f 72 65 2c 20 68 32 2e 77 77 66 2e 68 6f 6d 65 70 61 67 65 2d 67 6f 61 6c 73 5f 5f 68 65 61 64 69 6e 67 3a 62 65 66 6f 72 65 20 7b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 64 35 35 63 31 39 3b 0a 20 20 20 20 63 6f
                                                                                        Data Ascii: sform:none;}.wwf.homepage__heading.-large, .wwf.homepage__heading, .homepage-impact__heading { font-size: clamp(24px,2.5vw,30px);}h2.wwf.homepage-impact__heading:before, h2.wwf.homepage-goals__heading:before { background-color: #d55c19; co
                                                                                        2023-09-15 03:49:51 UTC47INData Raw: 65 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 20 67 75 74 74 65 72 2d 68 6f 72 69 7a 2d 69 6e 20 77 79 73 69 77 79 67 20 6c 65 61 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 6e 31 32 22 3e 0a 3c 73 74 79 6c 65 3e 0a 2e 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 73 65 63 6f 6e 64 61 72 79 5f 5f 73 74 6f 72 79 3a 6e 74 68 2d 63 68 69 6c 64 28 31 29 20 2e 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 73 65 63 6f 6e 64 61 72 79 5f 5f 63 6f 6e 74 65 6e 74 3a 62 65 66 6f 72 65 20 7b 0a 20 20 20 20 63 6f 6e 74 65 6e 74 3a 20 22 6e 65 77 73 22 3b 0a 7d 0a 2e 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 73 65 63 6f
                                                                                        Data Ascii: e></div></div></div><div class="wrapper"><div class="row gutter-horiz-in wysiwyg lead"><div class="span12"><style>.homepage-news__secondary__story:nth-child(1) .homepage-news__secondary__content:before { content: "news";}.homepage-news__seco
                                                                                        2023-09-15 03:49:51 UTC49INData Raw: 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 69 6d 70 61 63 74 20 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 69 6d 70 61 63 74 5f 5f 69 6e 6e 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 69 6d 70 61 63 74 5f 5f 63 6f 6e 74 65 6e 74 22 3e 0a 3c 68 32 20 63 6c 61 73 73 3d 22 77 77 66 20 68 6f 6d 65 70 61 67 65 2d 69 6d 70 61 63 74 5f 5f 68 65 61 64 69 6e 67 22 3e 0a 4f 75 72 20 69 6d 70 61 63 74 0a 3c 2f 68 32 3e 0a 3c 70 3e 0a 57 65 20 63 6f 6c 6c 61 62 6f 72 61 74 65 20 77 69 74 68 20 6c 6f 63 61 6c 20 63 6f 6d 6d 75 6e 69 74 69 65 73 20 74 6f 20 63 6f 6e 73 65 72 76 65 20 74 68 65 20 6e 61 74 75 72 61 6c 20 72 65 73 6f 75 72 63 65 73 20 77 65 20 61 6c 6c 20 64 65 70 65
                                                                                        Data Ascii: ><div class="homepage-impact "><div class="homepage-impact__inner"><div class="homepage-impact__content"><h2 class="wwf homepage-impact__heading">Our impact</h2><p>We collaborate with local communities to conserve the natural resources we all depe
                                                                                        2023-09-15 03:49:51 UTC50INData Raw: 73 74 61 74 5f 5f 64 65 74 61 69 6c 22 3e 0a 3c 70 3e 0a 57 57 46 20 6c 61 75 6e 63 68 65 64 20 61 6e 20 69 6e 74 65 72 6e 61 74 69 6f 6e 61 6c 20 65 66 66 6f 72 74 20 74 6f 20 73 61 76 65 20 77 69 6c 64 6c 69 66 65 20 69 6e 20 31 39 36 31 2c 20 72 65 73 63 75 69 6e 67 20 62 6c 61 63 6b 20 72 68 69 6e 6f 73 e2 80 94 61 6d 6f 6e 67 20 6d 61 6e 79 20 6f 74 68 65 72 20 73 70 65 63 69 65 73 e2 80 94 66 72 6f 6d 20 74 68 65 20 62 72 69 6e 6b 20 6f 66 20 65 78 74 69 6e 63 74 69 6f 6e 2e 0a 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 62 75 74 74 6f 6e 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 52 65 76 65 61 6c 20 73 74 61 74 69 73 74 69 63 20 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 69 6d 70 61 63 74 5f
                                                                                        Data Ascii: stat__detail"><p>WWF launched an international effort to save wildlife in 1961, rescuing black rhinosamong many other speciesfrom the brink of extinction.</p></div></div><button aria-label="Reveal statistic description" class="homepage-impact_
                                                                                        2023-09-15 03:49:51 UTC51INData Raw: 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 32 30 20 32 30 22 20 66 69 6c 6c 3d 22 6e 6f 6e 65 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 3e 0a 3c 70 61 74 68 20 66 69 6c 6c 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 63 6c 69 70 2d 72 75 6c 65 3d 22 65 76 65 6e 6f 64 64 22 20 64 3d 22 4d 39 20 35 48 31 31 56 37 48 39 56 35 5a 4d 39 20 39 48 31 31 56 31 35 48 39 56 39 5a 4d 31 30 20 30 43 34 2e 34 38 20 30 20 30 20 34 2e 34 38 20 30 20 31 30 43 30 20 31 35 2e 35 32 20 34 2e 34 38 20 32 30 20 31 30 20 32 30 43 31 35 2e 35 32 20 32 30 20 32 30 20 31 35 2e 35 32 20 32 30 20 31 30 43 32 30 20 34 2e 34 38 20 31 35 2e 35 32 20 30 20 31 30 20 30 5a 4d 31 30 20 31 38 43 35 2e 35 39 20 31 38 20
                                                                                        Data Ascii: " viewBox="0 0 20 20" fill="none" xmlns="http://www.w3.org/2000/svg"><path fill-rule="evenodd" clip-rule="evenodd" d="M9 5H11V7H9V5ZM9 9H11V15H9V9ZM10 0C4.48 0 0 4.48 0 10C0 15.52 4.48 20 10 20C15.52 20 20 15.52 20 10C20 4.48 15.52 0 10 0ZM10 18C5.59 18
                                                                                        2023-09-15 03:49:51 UTC53INData Raw: 6f 6e 3e 0a 3c 64 69 76 20 69 64 3d 22 72 68 69 6e 6f 2d 70 72 6f 6d 6f 22 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 63 74 61 73 5f 5f 77 72 61 70 70 65 72 22 3e 0a 3c 64 69 76 20 69 64 3d 22 6c 61 72 67 65 5f 69 6d 61 67 65 5f 62 6c 6f 63 6b 5f 38 32 30 63 66 37 22 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 63 74 61 20 63 74 61 2d 76 61 72 69 61 6e 74 2d 2d 69 6d 61 67 65 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 63 74 61 5f 5f 69 6d 61 67 65 22 3e 0a 3c 69 6d 67 20 61 6c 74 3d 22 42 6c 61 63 6b 20 72 68 69 6e 6f 20 6d 6f 74 68 65 72 20 61 6e 64 20 63 61 6c 66 20 61 6d 6f 6e 67 73 74 20 64 65 73 65 72 74 20 67 72 65 65 6e 65 72 79 20 61 74 20 73 75 6e 73 65 74 22 20 6c 6f 61 64 69 6e 67 3d 22 6c 61 7a 79 22
                                                                                        Data Ascii: on><div id="rhino-promo" class="homepage-ctas__wrapper"><div id="large_image_block_820cf7" class="homepage-cta cta-variant--image"><div class="homepage-cta__image"><img alt="Black rhino mother and calf amongst desert greenery at sunset" loading="lazy"
                                                                                        2023-09-15 03:49:51 UTC57INData Raw: 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 73 65 63 6f 6e 64 61 72 79 5f 5f 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 73 74 6f 72 69 65 73 2f 61 2d 63 6c 69 6d 61 74 65 2d 68 69 67 68 2d 61 2d 63 6c 69 6d 61 74 65 2d 6c 6f 77 2d 61 6e 64 2d 6f 75 72 2d 63 6c 69 6d 61 74 65 2d 66 75 74 75 72 65 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 6e 65 77 73 5f 5f 73 65 63 6f 6e 64 61 72 79 5f 5f 69 6d 61 67 65 22 3e 0a 3c 70 69 63 74 75 72 65 3e 0a 3c 73 6f 75 72 63 65 20 73 72 63 73 65 74 3d 22 68 74 74 70 73 3a 2f 2f 66 69 6c 65 73 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 77 77 66 63 6d 73 70 72
                                                                                        Data Ascii: "><a class="homepage-news__secondary__link" href="https://www.worldwildlife.org/stories/a-climate-high-a-climate-low-and-our-climate-future"><div class="homepage-news__secondary__image"><picture><source srcset="https://files.worldwildlife.org/wwfcmspr
                                                                                        2023-09-15 03:49:51 UTC61INData Raw: 66 36 61 39 34 30 64 66 32 65 35 32 39 66 63 32 65 66 31 62 65 35 35 61 66 62 66 38 2e 73 76 67 22 20 2f 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 67 6f 61 6c 73 5f 5f 74 69 74 6c 65 22 3e 43 72 65 61 74 65 20 61 20 63 6c 69 6d 61 74 65 2d 72 65 73 69 6c 69 65 6e 74 20 61 6e 64 20 7a 65 72 6f 2d 63 61 72 62 6f 6e 20 77 6f 72 6c 64 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 20 69 64 3d 22 67 6f 61 6c 5f 62 6c 6f 63 6b 5f 64 30 64 62 64 36 22 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 67 6f 61 6c 73 5f 5f 69 74 65 6d 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 67 6f 61 6c 73 5f 5f 6c 69 6e 6b 22 20 68 72 65 66 3d 22 2f 69 6e 69 74 69 61 74 69 76 65 73 2f 66 6f 6f 64 22 3e 0a 3c
                                                                                        Data Ascii: f6a940df2e529fc2ef1be55afbf8.svg" /><span class="homepage-goals__title">Create a climate-resilient and zero-carbon world</span></a></li><li id="goal_block_d0dbd6" class="homepage-goals__item"><a class="homepage-goals__link" href="/initiatives/food"><
                                                                                        2023-09-15 03:49:51 UTC65INData Raw: 20 73 74 65 77 61 72 64 73 20 6f 66 20 74 68 65 69 72 20 6f 77 6e 20 6c 61 6e 64 73 2e 0a 3c 2f 73 70 61 6e 3e 0a 3c 2f 61 3e 20 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 72 61 70 70 65 72 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 20 67 75 74 74 65 72 2d 68 6f 72 69 7a 2d 69 6e 20 77 79 73 69 77 79 67 20 6c 65 61 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 6e 31 32 22 3e 0a 3c 70 3e 26 6e 62 73 70 3b 3c 2f 70 3e 3c 70 3e 26 6e 62 73 70 3b 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 6f 77 20 77 79 73 69 77 79 67 20 6c 65 61 64 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 73 70 61 6e 31 32
                                                                                        Data Ascii: stewards of their own lands.</span></a> </p></div></div><div class="wrapper"><div class="row gutter-horiz-in wysiwyg lead"><div class="span12"><p>&nbsp;</p><p>&nbsp;</p></div></div></div><div><div class="row wysiwyg lead"><div class="span12
                                                                                        2023-09-15 03:49:51 UTC69INData Raw: 2f 6c 69 3e 0a 3c 6c 69 20 69 64 3d 22 73 75 70 70 6c 65 6d 65 6e 74 61 6c 5f 6c 69 6e 6b 5f 62 6c 6f 63 6b 5f 66 61 65 61 38 30 22 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 73 75 70 70 6c 65 6d 65 6e 74 61 6c 2d 6c 69 6e 6b 73 5f 5f 69 74 65 6d 22 3e 0a 3c 61 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 73 75 70 70 6c 65 6d 65 6e 74 61 6c 2d 6c 69 6e 6b 73 5f 5f 6c 69 6e 6b 22 20 68 72 65 66 3d 22 2f 64 65 73 63 75 62 72 65 2d 77 77 66 22 3e 0a 3c 68 33 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 73 75 70 70 6c 65 6d 65 6e 74 61 6c 2d 6c 69 6e 6b 73 5f 5f 74 69 74 6c 65 22 3e 0a 44 65 73 63 75 62 72 65 20 57 57 46 0a 3c 2f 68 33 3e 0a 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 6f 6d 65 70 61 67 65 2d 73 75 70 70 6c 65 6d 65 6e 74 61
                                                                                        Data Ascii: /li><li id="supplemental_link_block_faea80" class="homepage-supplemental-links__item"><a class="homepage-supplemental-links__link" href="/descubre-wwf"><h3 class="homepage-supplemental-links__title">Descubre WWF</h3><span class="homepage-supplementa
                                                                                        2023-09-15 03:49:51 UTC73INData Raw: 22 3e 47 65 74 20 69 6e 76 6f 6c 76 65 64 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 46 6f 6f 74 65 72 20 43 6c 69 63 6b 7c 43 61 72 65 65 72 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 61 62 6f 75 74 2f 63 61 72 65 65 72 73 22 3e 43 61 72 65 65 72 73 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 3e 3c 61 20 64 61 74 61 2d 74 72 61 63 6b 2d 65 76 65 6e 74 3d 22 48 6f 6d 65 70 61 67 65 73 20 53 68 6f 77 7c 46 6f 6f 74 65 72 20 43 6c 69 63 6b 7c 43 6f 6e 74 61 63 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 6f 72 6c 64 77 69 6c 64 6c 69 66 65 2e 6f 72 67 2f 61 62 6f
                                                                                        Data Ascii: ">Get involved</a></li><li><a data-track-event="Homepages Show|Footer Click|Careers" href="https://www.worldwildlife.org/about/careers">Careers</a></li><li><a data-track-event="Homepages Show|Footer Click|Contact" href="https://www.worldwildlife.org/abo
                                                                                        2023-09-15 03:49:51 UTC74INData Raw: 33 32 64 63 0d 0a 2f 6d 65 64 69 61 2f 65 6e 2f 67 75 69 2f 35 39 30 34 31 2f 69 6e 64 65 78 2e 68 74 6d 6c 22 3e 45 74 68 69 63 73 20 72 65 70 6f 72 74 69 6e 67 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6d 61 69 6c 2d 73 69 67 6e 75 70 2d 66 6f 6f 74 65 72 22 3e 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 2d 6c 69 67 68 74 20 67 75 74 74 65 72 2d 68 6f 72 69 7a 2d 69 6e 22 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 2d 77 72 61 70 70 65 72 20 66 6f 6f 74 65 72 2d 66 6c 65 78 2d 63 6f 6e 74 61 69 6e 65 72 20 66 6f 6f 74 65 72 2d 66 6c 65 78 2d 63 6f 6e 74 61 69 6e 65 72 5f 5f 61 6c 69 67 6e 2d 63 65 6e
                                                                                        Data Ascii: 32dc/media/en/gui/59041/index.html">Ethics reporting</a></li></ul></div><div class="email-signup-footer"></div></div></div><div class="footer-light gutter-horiz-in"><div class="footer-wrapper footer-flex-container footer-flex-container__align-cen
                                                                                        2023-09-15 03:49:51 UTC78INData Raw: 39 63 2d 31 2d 31 2d 32 2d 31 2e 36 32 2d 33 2e 31 39 2d 32 2e 30 37 41 31 33 2e 32 31 20 31 33 2e 32 31 20 30 20 30 30 32 35 2e 34 32 2e 31 43 32 33 2e 35 2e 30 32 20 32 32 2e 39 20 30 20 31 38 20 30 7a 6d 30 20 33 2e 32 34 63 34 2e 38 20 30 20 35 2e 33 38 2e 30 32 20 37 2e 32 37 2e 31 20 31 2e 37 36 2e 30 39 20 32 2e 37 31 2e 33 38 20 33 2e 33 35 2e 36 33 2e 38 34 2e 33 32 20 31 2e 34 34 2e 37 31 20 32 2e 30 37 20 31 2e 33 34 61 35 2e 35 38 20 35 2e 35 38 20 30 20 30 31 31 2e 33 34 20 32 2e 30 37 63 2e 32 35 2e 36 34 2e 35 34 20 31 2e 36 2e 36 32 20 33 2e 33 35 2e 30 39 20 31 2e 39 2e 31 20 32 2e 34 36 2e 31 20 37 2e 32 37 20 30 20 34 2e 38 2d 2e 30 31 20 35 2e 33 38 2d 2e 31 20 37 2e 32 37 61 39 2e 39 36 20 39 2e 39 36 20 30 20 30 31 2d 2e 36 32 20 33
                                                                                        Data Ascii: 9c-1-1-2-1.62-3.19-2.07A13.21 13.21 0 0025.42.1C23.5.02 22.9 0 18 0zm0 3.24c4.8 0 5.38.02 7.27.1 1.76.09 2.71.38 3.35.63.84.32 1.44.71 2.07 1.34a5.58 5.58 0 011.34 2.07c.25.64.54 1.6.62 3.35.09 1.9.1 2.46.1 7.27 0 4.8-.01 5.38-.1 7.27a9.96 9.96 0 01-.62 3
                                                                                        2023-09-15 03:49:51 UTC82INData Raw: 0a 3c 2f 61 3e 0a 3c 2f 6c 69 3e 0a 3c 2f 75 6c 3e 0a 3c 2f 75 6c 3e 0a 3c 70 20 63 6c 61 73 73 3d 22 66 6f 6f 74 65 72 2d 74 61 78 20 66 6f 6f 74 65 72 2d 62 72 2d 74 6f 70 5f 5f 6d 6f 62 69 6c 65 22 3e 57 6f 72 6c 64 20 57 69 6c 64 6c 69 66 65 20 46 75 6e 64 20 49 6e 63 2e 20 69 73 20 61 20 6e 6f 6e 70 72 6f 66 69 74 2c 20 74 61 78 2d 65 78 65 6d 70 74 20 63 68 61 72 69 74 61 62 6c 65 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20 28 74 61 78 20 49 44 20 6e 75 6d 62 65 72 20 35 32 2d 31 36 39 33 33 38 37 29 20 75 6e 64 65 72 20 53 65 63 74 69 6f 6e 20 35 30 31 28 63 29 28 33 29 20 6f 66 20 74 68 65 20 49 6e 74 65 72 6e 61 6c 20 52 65 76 65 6e 75 65 20 43 6f 64 65 2e 20 44 6f 6e 61 74 69 6f 6e 73 20 61 72 65 20 74 61 78 2d 64 65 64 75 63 74 69 62 6c 65 20 61
                                                                                        Data Ascii: </a></li></ul></ul><p class="footer-tax footer-br-top__mobile">World Wildlife Fund Inc. is a nonprofit, tax-exempt charitable organization (tax ID number 52-1693387) under Section 501(c)(3) of the Internal Revenue Code. Donations are tax-deductible a
                                                                                        2023-09-15 03:49:51 UTC86INData Raw: 6e 74 2d 73 69 7a 65 3a 20 63 6c 61 6d 70 28 32 36 70 78 2c 33 2e 37 76 77 2c 33 32 70 78 29 3b 0d 0a 7d 0d 0a 2e 68 6f 6d 65 70 61 67 65 2d 6c 67 2d 63 61 6d 70 61 69 67 6e 2d 74 65 78 74 5f 5f 74 69 74 6c 65 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 77 69 64 74 68 3a 20 30 3b 0d 0a 7d 0d 0a 2e 68 6f 6d 65 70 61 67 65 2d 6c 67 2d 63 61 6d 70 61 69 67 6e 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 31 30 30 70 78 3b 0d 0a 7d 0d 0a 0d 0a 0d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 2f 64 69 76 3e 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 63 72 69 70 74 73 2f 37 64 30 66 61 31 30 61 2f 63 6c 6f 75 64 66 6c 61 72 65 2d 73 74 61 74 69 63 2f 72 6f 63 6b 65 74 2d 6c 6f 61 64 65 72 2e 6d 69 6e
                                                                                        Data Ascii: nt-size: clamp(26px,3.7vw,32px);}.homepage-lg-campaign-text__title::before { width: 0;}.homepage-lg-campaign-text { padding-bottom: 100px;}</style></div><script src="/cdn-cgi/scripts/7d0fa10a/cloudflare-static/rocket-loader.min
                                                                                        2023-09-15 03:49:51 UTC87INData Raw: 30 0d 0a 0d 0a
                                                                                        Data Ascii: 0


                                                                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                        2192.168.2.449712146.75.28.193443C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        TimestampkBytes transferredDirectionData
                                                                                        2023-09-15 03:49:52 UTC87OUTGET /unqTcwu.png HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Host: i.imgur.com
                                                                                        2023-09-15 03:49:52 UTC87INHTTP/1.1 200 OK
                                                                                        Connection: close
                                                                                        Content-Length: 3973418
                                                                                        Content-Type: image/png
                                                                                        Last-Modified: Thu, 14 Sep 2023 14:02:38 GMT
                                                                                        ETag: "80db1b537cfc984211fd74b7ecfd30ba"
                                                                                        x-amz-server-side-encryption: AES256
                                                                                        X-Amz-Cf-Pop: IAD12-P2
                                                                                        X-Amz-Cf-Id: WZjJ4saRcBb9_3eNI63O6HCgb0qSAD_svV6CyAOpqTmqjNJO29688A==
                                                                                        cache-control: public, max-age=31536000
                                                                                        Accept-Ranges: bytes
                                                                                        Date: Fri, 15 Sep 2023 03:49:52 GMT
                                                                                        Age: 49634
                                                                                        X-Served-By: cache-iad-kiad7000126-IAD
                                                                                        X-Cache: Miss from cloudfront, HIT
                                                                                        X-Cache-Hits: 1
                                                                                        X-Timer: S1694749792.318687,VS0,VE11
                                                                                        Strict-Transport-Security: max-age=300
                                                                                        Access-Control-Allow-Methods: GET, OPTIONS
                                                                                        Access-Control-Allow-Origin: *
                                                                                        Server: cat factory 1.0
                                                                                        X-Content-Type-Options: nosniff
                                                                                        2023-09-15 03:49:52 UTC87INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 a7 00 00 02 55 08 02 00 00 00 f5 3f ad 40 00 00 20 00 49 44 41 54 78 9c ec bd 77 98 5b d7 75 e8 bb 71 d0 7b ef bd 0c 06 c0 60 fa 70 1a c9 61 15 3b a9 6e 49 6e 72 62 3b b6 e5 38 71 72 73 f3 ee 1f f7 e5 e5 f9 25 f1 bd 37 f7 4b 9c 6b c7 89 2d d9 96 64 f5 ce 36 ec e4 b0 cc 70 fa 0c 38 0d d3 80 41 ef bd e3 e0 e0 bc 3f 8e 34 99 90 14 25 db 24 4d 4b f8 7d fc f4 01 38 fb ac bd cf c2 9e ad 8d b5 f6 5a 0b 17 8b 46 40 8d 1a 35 6a 7c 6e 80 7e df 03 a8 51 a3 46 8d fb 4a 6d d5 ab 51 a3 c6 e7 8b da aa 57 a3 46 8d cf 17 84 df f7 00 6a 7c 5e 60 1f 13 fc be 87 50 e3 b3 4f ea 48 f4 13 db d4 f6 7a 35 6a d4 f8 7c 51 db eb d5 b8 af e0 ff e8 f7 3d 82 1a 9f 51 90 5f 01 00 00 5f 20 fc c4 73 29 b5 bd 5e 8d 1a 35 3e 5f d4 56
                                                                                        Data Ascii: PNGIHDRU?@ IDATxw[uq{`pa;nInrb;8qrs%7Kk-d6p8A?4%$MK}8ZF@5j|n~QFJmQWFj|^`POHz5j|Q=Q__ s)^5>_V
                                                                                        2023-09-15 03:49:52 UTC89INData Raw: 13 09 44 0e 9b 73 57 67 cd 27 80 ab 55 0b aa 71 7f c0 b2 8a 7e 72 a6 a9 9b ec 7a 28 5a 2c 16 33 99 cc ec ec 8c 44 22 a1 d3 e9 63 a3 63 9b 3a 37 a9 54 ea 4c 26 73 ed ea d5 7a 93 89 42 26 17 4b 25 97 6b ad a7 a7 77 72 72 52 a3 56 0b 45 a2 44 22 e1 74 3a f0 78 42 22 1e 37 5b cc 6c 36 87 c9 64 02 00 72 b9 dc 95 cb 97 25 12 09 8a a2 00 00 89 44 22 14 89 46 86 87 b7 6c dd ea f7 f9 c4 12 09 82 20 c9 64 72 6d cd 49 c0 13 24 12 89 4c 2e f7 fb 7c 00 80 42 b1 18 89 44 54 4a 25 8f cf cf e7 73 3c 1e 7f 7c 6c 0c a9 22 56 6b e3 dc dc 6c 67 67 57 24 12 99 18 1f df be 63 47 38 1c 8a c7 e2 c9 64 b2 ab bb fb c2 85 f3 6d 6d ed 32 99 2c 1e 8f 91 c9 94 68 34 ca 66 b3 21 08 62 b1 58 1e 8f 1b 45 d1 35 e7 5a df b6 6d 77 d0 80 cf e3 91 2b 14 1e 8f 9b 42 a1 2e da ed 1a ad 76 7e 6e
                                                                                        Data Ascii: DsWg'Uq~rz(Z,3D"cc:7TL&szB&K%kwrrRVED"t:xB"7[l6dr%D"Fl drmI$L.|BDTJ%s<|l"VklggW$cG8dmm2,h4f!bXE5Zmw+B.v~n
                                                                                        2023-09-15 03:49:52 UTC90INData Raw: 93 29 a1 50 68 d7 ae 5d cb cb 4b 0a 85 12 41 aa d9 6c 36 9d 4e b7 b7 b5 a5 d3 19 b7 db 0d 00 98 9b 9d f1 79 bd 28 8a 3e f2 e8 a3 5e 8f 87 cb e5 49 24 12 00 00 82 20 6d 6d 6d 6a b5 c6 d2 60 19 19 1e 66 b1 58 4b 8b 8b 14 0a 59 a7 d3 29 e4 f2 64 22 e9 f5 7a 00 00 85 42 41 2c 16 1b 0c 06 18 86 39 5c ae c9 64 a6 d1 e8 0f 3f fc 88 cf eb 5d 5d 5d 95 c9 64 d8 60 50 14 2d 15 4b d8 90 10 04 d9 be 63 87 cd 66 0b 06 83 c5 62 71 cf de bd 78 3c de ef f7 d3 68 34 14 45 9b 9b 9b 3d 1e 0f 8b cd aa a2 d5 3a 43 1d 0e 87 1b 1e 1e a6 33 e8 81 60 b0 b9 a5 05 86 cb 1d 1d 9b b0 7e 55 2a b5 48 24 0a 06 83 dd dd 3d f9 dc 6f b3 a7 fe 4d a9 ed f5 6a 3c 70 cc cc dc 38 7c e4 48 2e 9b c5 13 08 04 02 01 00 80 54 2a b9 5c 8e 4c 22 f5 6e de d2 d4 d4 34 3b 33 d3 da d6 b6 7d fb 0e b9 42 91
                                                                                        Data Ascii: )Ph]KAl6Ny(>^I$ mmmj`fXKY)d"zBA,9\d?]]]d`P-Kcfbqx<h4E=:C3`~U*H$=oMj<p8|H.T*\L"n4;3}B
                                                                                        2023-09-15 03:49:52 UTC91INData Raw: f6 fb fd 3b 76 ee f4 07 fc 06 83 81 c9 62 1d 3c 74 28 9d 4e 97 8a 25 1e 8f df d5 d5 e5 70 38 9a 9a 9a 2b 15 44 ae 50 00 00 d8 6c b6 d1 68 9c 9e 9e 6e 6c 6c e4 72 79 a1 50 68 e7 ce 9d 1e b7 3b 93 c9 60 f1 03 81 40 60 5b df 87 e7 81 39 6c ce c1 43 87 ed 0b f6 68 2c ea 5a 73 71 38 dc cb 97 07 10 a4 52 28 14 b0 1d c7 d0 e0 35 a1 48 e8 f5 78 1b 9b 9a 38 1c ce d6 be be 52 b1 54 a9 20 b1 58 cc e3 76 03 00 f8 7c 01 87 c3 c5 3c 06 2e b7 1b a9 22 ab ab ab 5a 9d 56 a1 50 02 00 54 6a 15 1e 8f 47 51 94 48 22 25 e2 09 9b 6d 9a 4c 21 6f df b1 7d 62 7c 22 12 f9 f0 f7 57 67 57 57 32 95 cc 64 32 81 40 40 20 10 9a 2d 96 8f 53 08 8a a2 9b 36 75 de b0 4d 0b 84 02 8f db 63 b1 34 30 18 8c ce ae ae f1 b1 f1 f6 f6 8e ff f9 c3 1f 76 6c da 44 a1 50 fc 3e 5f b5 8a 8e 0c 8f 90 c9 94
                                                                                        Data Ascii: ;vb<t(N%p8+DPlhnllryPh;`@`[9lCh,Zsq8R(5Hx8RT Xv|<."ZVPTjGQH"%mL!o}b|"WgWW2d2@@ -S6uMc40vlDP>_
                                                                                        2023-09-15 03:49:52 UTC93INData Raw: e3 85 7c a1 5c 2e 13 89 44 af d7 43 20 10 bf fe 8d 6f 2c da ed 13 13 e3 74 06 63 e6 c6 8d de cd 9b fd 7e ff c9 13 27 e8 74 7a c0 ef 37 99 2d 63 a3 23 54 2a ed ab cf 3e 3b 39 31 e1 74 3a cd 16 cb d0 d0 20 83 c1 a0 d3 e9 5a ad 2e 9f cf 0f 5f bf 2e 10 f0 83 c1 20 95 4a 7d fd b5 57 f5 7a c3 43 7b f6 cc cf cd 6d db be fd d7 2f bf ac d1 68 62 b1 58 32 99 34 5b 4c 14 0a 0d d3 de c9 13 27 0a 85 02 99 42 06 00 cc ce cc da 17 ec 8f 3e fa e8 85 0b e7 59 6c b6 d7 e3 d5 1b f4 01 7f 20 91 88 2b 14 ca a3 1f bc 6f 69 b0 96 4a 25 ab d5 7a d7 27 58 6d af 57 e3 81 c3 60 a8 e3 f3 05 72 b9 bc 58 2c 7a bd 9e 52 b1 84 c7 e3 1f 7f e2 09 8f db 03 00 c8 66 b3 62 89 e4 86 cd 36 74 7d 48 a7 d3 f9 7c be a6 e6 e6 89 f1 71 00 c0 c4 f8 38 9d 4e 4b 26 12 3d bd 9b 21 08 02 00 40 10 f4 f0
                                                                                        Data Ascii: |\.DC o,tc~'tz7-c#T*>;91t: Z._. J}WzC{m/hbX24[L'B>Yl +oiJ%z'XmW`rX,zRfb6t}H|q8NK&=!@
                                                                                        2023-09-15 03:49:52 UTC94INData Raw: 2e b1 58 ac 2f 7e e9 cb 00 80 50 28 e4 f3 79 5f 78 fe e7 06 43 9d cb e5 62 32 99 a9 54 32 9f 2f a8 54 2a 12 89 74 f0 d0 a1 4b 17 2f 50 c8 e4 2b 97 2f 2f 2f 2d d5 19 8d 91 70 44 a9 54 f6 6e de fc f2 4b 2f c5 62 d1 ee 9e 5e 00 40 2e 10 78 e3 f5 d7 f1 78 bc 58 2c de d4 d9 79 ec e8 51 b1 58 8c c3 e1 54 6a 55 b5 8a c6 62 51 ad 56 db d5 d5 7d ec d8 d1 a9 c9 c9 b6 f6 f6 44 3c f1 de bb ef 4a 65 b2 48 24 7c f9 f2 40 63 53 b3 7d c1 be bc b4 f4 f0 23 8f 6e 54 45 b1 58 5c 5a 5c 5c 59 59 39 71 fc d8 53 4f 3d 1d 8e 44 e2 b1 38 00 e0 f4 a9 53 00 a0 23 c3 c3 4c 16 eb 99 67 be 98 48 24 4e 9e 38 4e 26 53 f0 78 fc cc cc 0d 9d 4e bf b5 af 6f 74 74 c4 e9 70 d2 e9 f4 67 bf f6 b5 73 67 cf a6 d3 69 ad 4e 67 5f 98 a7 33 18 6e 97 bb 58 2c 1a eb 8d 0c 06 63 69 71 09 00 f0 9d e7 9e
                                                                                        Data Ascii: .X/~P(y_xCb2T2/T*tK/P+///-pDTnK/b^@.xxX,yQXTjUbQV}D<JeH$|@cS}#nTEX\Z\\YY9qSO=D8S#LgH$N8N&SxNottpgsgiNg_3nX,ciq
                                                                                        2023-09-15 03:49:52 UTC95INData Raw: 85 82 4e a7 33 14 0a c2 ca ca d9 00 00 20 00 49 44 41 54 4d 4d 4e 16 0a 85 8d 69 a0 d6 d6 d6 6e fb 80 9f c8 d2 e2 e2 f4 f4 74 a5 52 b9 6d 96 a7 9b 58 7f cc 4f f4 e4 dc c4 bb ef bc 93 88 c7 03 81 40 3c 1e bf 7a f5 ca c6 4b b7 2a ea 56 92 89 84 cb f5 db 3c 1d 93 c9 bc 6f 71 75 35 6f 46 8d 07 8e 74 3a 03 00 78 fe f9 9f 87 82 c1 bd 7b f7 b9 5c 2e 12 89 34 35 35 a9 50 28 18 0c c6 af 7e f9 4b 2a 95 1a 8f c7 1e 7b fc 09 00 80 dd be 30 39 31 21 95 4a 69 34 9a dd be 90 cf e7 f5 06 c3 ec cc 0c 95 4a 25 10 08 08 82 40 10 44 22 93 9e 7e fa 99 d1 91 61 80 a2 e3 63 63 33 37 6c 7d 7d db 96 96 97 38 6c ce 81 83 07 2f 5e 38 4f a7 d3 5f 7d e5 d7 8f 3f f1 e4 e5 81 81 4d 9d 9b 82 81 c0 a9 53 fd 08 82 7c ff 2f fe 12 82 a0 d7 5f 7f ad 58 28 e2 f1 78 3c 1e aa 37 99 26 27 26 62
                                                                                        Data Ascii: N3 IDATMMNintRmXO@<zK*V<oqu5oFt:x{\.455P(~K*{091!Ji4J%@D"~acc37l}}8l/^8O_}?MS|/_X(x<7&'&b
                                                                                        2023-09-15 03:49:52 UTC97INData Raw: 4c 26 6f 52 0e 96 91 e1 53 b2 51 7b 77 0b fb c2 42 36 9b f5 b8 dd 36 9b ed b6 0e a2 8d 75 d9 01 00 7e bf 3f 18 0c 7e dc 57 7c 17 a9 79 33 6a 3c 70 bc fd d6 5b 8d 8d 8d 97 2f 0f 50 28 54 36 9b 6d 6d 6c 8c c5 62 b1 58 ec 5f 7f f2 93 44 22 be 7b f7 ee b1 b1 d1 60 30 08 97 61 08 82 20 3c b4 e6 5c 93 c9 64 04 02 e1 d4 a9 fe e6 e6 66 85 42 79 ec d8 d1 ad 7d db 1c 8e 55 26 83 19 8d 46 cd 66 b3 cb e5 a2 50 29 54 0a 55 ae 90 c3 65 78 75 75 35 9d 4e 43 10 e4 74 3a f6 ed db 27 11 4b 8e 1d 3b da d9 d9 65 9b 9e a6 d3 e9 d9 6c 36 93 c9 7c f5 d9 67 ab 08 f2 fc f3 cf 1f 3e 72 f8 d8 b1 a3 8b 8b 8b 1c 0e c7 ed 76 15 0a 85 e6 e6 96 50 28 44 a7 d3 27 26 c6 57 56 56 08 04 c2 c1 43 87 b0 42 68 d8 52 3b 3b 33 83 c3 e1 7e fa af ff 5a a9 54 1e 7e e4 e1 77 df 79 67 cf de 7d ef bc
                                                                                        Data Ascii: L&oRSQ{wB66u~?~W|y3j<p[/P(T6mmlbX_D"{`0a <\dfBy}U&FfP)TUexuu5NCt:'K;el6|g>rvP(D'&WVVCBhR;;3~ZT~wyg}
                                                                                        2023-09-15 03:49:52 UTC98INData Raw: d6 da 96 4a a7 b1 2f 05 2e 97 f3 85 02 76 1c 5a 20 10 54 ab d5 b9 b9 39 ec 10 12 8a a2 4e a7 93 42 a1 18 0c 86 9a 37 a3 c6 1f 2a 0f 54 a6 a9 7b 1d b6 f1 bb 70 df bc 19 28 8a c2 30 fc 1b 55 28 bf 15 b8 5c be e7 1e a7 9a 37 a3 c6 67 1e 2c 9e 1f 45 51 ec c5 ad 97 aa d5 ea c6 e2 81 6f be f1 46 32 99 5c bf 0b 45 d1 62 b1 f8 d2 8b 2f 62 2d d7 85 6c 7c bd 30 3f 0f c3 f0 e5 81 01 4c ce c6 36 28 8a 62 3e 0a ec c3 a9 c9 c9 6c 36 8b fd ca be a9 f1 4d 43 fa b8 07 01 00 9c 39 7d 7a 63 33 14 45 87 86 86 b0 d4 06 9f 9e 75 85 54 ab d5 b3 67 cf 02 00 f2 f9 3c 56 83 62 69 71 71 a3 ba 36 aa 62 79 79 39 93 c9 9c 3b 77 ee a6 71 62 8f 43 22 91 50 14 9d 18 1f c7 6a 95 60 3e 87 6a b5 8a dd b5 51 e6 c4 f8 f8 ba 10 4c 32 00 60 65 65 c5 e3 f5 62 6f d7 e5 af eb 79 e3 7f 4f 9f 3a b5
                                                                                        Data Ascii: J/.vZ T9NB7*T{p(0U(\7g,EQoF2\Eb/b-l|0?L6(b>l6MC9}zc3EuTg<Vbiqq6byy9;wqbC"Pj`>jQL2`eeboyO:
                                                                                        2023-09-15 03:49:52 UTC99INData Raw: 24 ac 54 aa c8 64 72 26 93 21 93 c9 0e 87 43 a5 54 72 b8 5c ac e4 36 0e 82 ea ea ea 72 b9 dc 4b 2f be a8 52 ab 4c 26 73 a9 54 aa af af 5f 59 5e 16 8a 44 24 12 89 4c 26 cf cf cf f3 f9 3c 1a 8d ce e7 f3 6d 36 1b 8f c7 25 10 88 d1 68 d4 54 5f 8f f9 34 00 00 10 0e 47 67 30 9c 0e 07 87 cb 8d c7 63 d8 57 b0 bc bc cc 64 32 25 12 49 2c 16 cb e5 b2 89 44 12 cb 45 88 c3 e1 f2 f9 3c 00 20 10 08 68 34 1a 22 91 e8 76 b9 00 00 2a b5 7a 62 7c dc 64 36 db ed f6 96 96 16 ec e7 3c 83 c1 b0 d9 a6 3b 3a 36 39 1c 8e 0a 0c 9b cc e6 6a b5 3a 3e 3e d6 d4 d4 9c cb e5 3e 36 84 a3 e6 cd a8 f1 07 ca a7 5f f5 e0 52 e9 13 0d e4 f7 c3 88 fe 7b e2 77 f7 66 7c d6 94 53 f3 66 d4 f8 cc 83 83 3e 9c 96 95 4a 05 41 90 8d 55 b7 11 04 f9 d0 48 bf b2 8c 65 34 ba 70 e1 3c 66 3e 5f b4 db 73 b9 1c
                                                                                        Data Ascii: $Tdr&!CTr\6rK/RL&sT_Y^D$L&<m6%hT_4Gg0cWd2%I,DE< h4"v*zb|d6<;:69j:>>>6_R{wf|Sf>JAUHe4p<f>_s
                                                                                        2023-09-15 03:49:52 UTC101INData Raw: dd 4e a1 52 19 0c 46 28 14 d4 e9 f4 14 0a 05 2b 6a 51 45 10 ad 4e b7 b6 b6 c6 e7 f1 56 57 57 db da db 21 08 9a 9e 9a 92 48 a5 64 12 89 c1 64 16 8b 45 af d7 c3 62 b2 b0 40 d7 f5 3a 41 2b 2b 2b 2c 16 8b 42 a1 78 bd 1e 85 42 89 54 2a 89 64 12 45 51 bd 5e 5f 28 14 6c 36 5b 5b 5b 9b d7 eb 65 d0 e9 d1 58 54 a9 54 55 60 98 c1 60 78 bc 5e cc 65 1c 8d 46 24 12 e9 f2 f2 52 4b 4b 2b 99 4c 4e c4 e3 04 22 91 42 a1 2c 2c 2c 08 04 82 42 a1 50 45 10 a1 48 84 ed 4f cb e5 b2 df ef 67 b3 58 00 00 0e 97 3b 35 39 a9 d6 68 6e 35 e1 df 64 d7 fb ea 57 bf 4a 21 93 25 52 69 22 1e 2f 96 4a 91 48 04 5b f8 7c 5e 6f 3c 91 d0 68 34 2e 97 4b 2e 93 01 00 66 66 66 70 38 5c 4b 6b 6b 24 12 a9 c0 b0 4e af 5f 5b 5b e3 f1 b8 24 12 b9 5a ad 12 08 84 85 f9 79 95 5a 4d c0 e3 a9 34 5a 2e 97 5b 59
                                                                                        Data Ascii: NRF(+jQENVWW!HddEb@:A+++,BxBT*dEQ^_(l6[[[eXTTU``x^eF$RKK+LN"B,,,BPEHOgX;59hn5dWJ!%Ri"/JH[|^o<h4.K.fffp8\Kkk$N_[[$ZyZM4Z.[Y
                                                                                        2023-09-15 03:49:52 UTC102INData Raw: 8f c7 d3 68 34 2c 43 14 95 42 25 53 28 74 3a 3d 93 4e 03 00 18 4c e6 0d 9b cd 58 5f cf 60 30 dc 6e 57 b9 0c f3 79 bc b5 b5 b5 e6 96 16 08 82 9e 7f fe e7 7b f7 ee 95 c9 e4 b3 b3 b3 0d 0d 0d 37 6c b6 3a a3 71 75 65 45 ab d5 02 00 e0 4a 25 1c 0e 1b eb ea ca 30 1c 0e 87 01 00 6c 36 0b cb fe 76 df d8 68 d7 fb db bf fd db c3 87 0e d5 9b 4c a9 64 12 07 41 34 2a 95 c5 66 a7 d3 69 80 a2 14 2a 75 6e 76 d6 da d8 48 26 93 a7 a7 a7 95 4a 25 8a a2 99 4c 86 cf e7 63 aa 40 aa 55 3e 9f 1f 08 04 90 4a 85 c9 62 31 18 0c 3c 1e 9f 4c 24 00 00 64 0a 05 82 a0 42 3e 9f 4a a7 61 18 16 8b c5 af bd fa 8a 56 ab eb ec ec 04 00 50 a8 d4 6a b5 ba b4 b4 a4 52 29 21 1c 54 2c 95 18 0c 46 b1 58 64 b3 58 65 18 5e b4 db 1b 9b 9a 88 44 62 24 12 61 30 18 95 4a 05 a9 54 28 54 2a 0c c3 10 04 61
                                                                                        Data Ascii: h4,CB%S(t:=NLX_`0nWy{7l:queEJ%0l6vhLdA4*fi*unvH&J%Lc@U>Jb1<L$dB>JaVPjR)!T,FXdXe^Db$a0JT(T*a
                                                                                        2023-09-15 03:49:52 UTC103INData Raw: 28 8a fe 8f 1f fe 70 bd 97 db 3e e0 c2 c2 3c 96 df e1 5e 50 f3 66 d4 78 e0 c8 e5 72 30 0c cf ce ce 94 4a a5 72 a9 84 9d ad 4b a6 92 91 70 b8 a9 b9 39 9d 4e f7 9f 3c a9 d3 e9 2f 5c b8 80 20 48 a5 02 cf cc cc 08 04 02 12 89 dc dc dc 7c e5 f2 65 2e 97 37 3c 3c ec f1 b8 05 02 61 22 91 30 9b cd bd 9b 37 ff f2 97 bf 08 06 02 14 0a 75 21 95 5c 5d 59 dd da d7 d7 df df 3f 39 31 61 b1 5a bd 1e cf b5 6b d7 4c 66 f3 e8 c8 30 9b c5 36 d6 d7 2f 2d 2d ad ae ae 76 77 77 0f 0d 0d b1 58 ac af 3e fb ec ab af fc 9a c7 e3 13 49 a4 58 34 ea 72 b9 24 12 09 96 48 8a 42 a1 62 81 22 26 b3 39 14 0c 04 83 c1 bd fb f6 2d da ed 2b cb cb d1 68 e4 e0 a1 c3 6c 36 fb c6 8d 1b 27 4e 1c c7 e1 70 df fd d3 ef 15 0a 85 fe 93 27 d5 1a cd c5 8b 17 b1 c2 92 28 8a fe 5f ff ed bf dd 61 5b f4 77 ff
                                                                                        Data Ascii: (p><^Pfxr0JrKp9N</\ H|e.7<<a"07u!\]Y?91aZkLf06/--vwwX>IX4r$HBb"&9-+hl6'Np'(_a[w
                                                                                        2023-09-15 03:49:52 UTC119INData Raw: 0b 54 d0 cd f8 e2 13 fd b9 56 56 b8 c9 67 9e f8 f0 6f fb 52 70 90 53 eb 5d 6b fb c8 7d 6e ab b6 bd 68 93 b8 30 0a d7 33 f0 9b 77 31 bf 62 53 f6 bd 36 4c e6 e6 e4 51 35 fc 5b 20 75 55 5d d3 ff 3c fb d6 b0 bd 6c da b9 e1 6d 40 b8 3e 6d b3 b9 3e 97 28 43 34 12 f7 a8 c8 63 fb ea bd 63 98 48 54 6d d9 d9 fc 1a ff 47 c8 87 44 a8 42 7a 5b 99 9d 6b e3 83 4e ff 66 b2 55 5c d3 bb 54 cd 93 bb f4 8f 39 ad f1 8f 11 83 7e cf 33 cc b7 88 d2 b9 e9 ad 17 35 fb 6e 28 f8 7b e6 66 50 ce 4b 7a ac fb 22 73 ab 03 0d 00 b8 a8 a8 df d8 b1 a9 3f 51 e8 cf 09 f8 ff 6f f3 9c bf 87 43 1e 69 90 ec 38 80 6e 53 b3 56 6d 01 bc bc d7 fb ef bd 6d d0 b8 36 1a fb 8b 66 56 4e b8 79 1a 14 ba b5 84 3a ee bd 7c 73 b8 f5 6f fb 3e 5d 47 98 fd bd 1f 03 30 42 da 0f d8 a7 e7 0f 88 7d 6d d3 35 f0 bb fb
                                                                                        Data Ascii: TVVgoRpS]k}nh03w1bS6LQ5[ uU]<lm@>m>(C4ccHTmGDBz[kNfU\T9~35n({fPKz"s?QoCi8nSVmm6fVNy:|so>]G0B}m5
                                                                                        2023-09-15 03:49:52 UTC135INData Raw: b4 2f 12 b4 bc 9d 1f 33 b3 6c 5e a8 ed 3e 52 08 a9 e2 47 b9 bc e4 c3 c9 ab 67 fb 85 3a 8f 3d 8c 36 57 28 b8 ea 9b 6e a2 36 a7 fb 11 9f 12 41 b2 ed e4 15 e8 94 87 49 b9 cd 71 f8 ae 36 2a ef 3b b3 a5 ec 78 bc e3 d7 b9 55 46 d3 f0 ed 64 86 ea 95 63 62 a4 d2 ee 0b eb e8 8f 01 30 64 5c e5 28 a1 e4 6e b0 1f 77 13 33 72 e6 66 44 55 95 7f 3c 42 90 63 b8 fb 07 6b 8d 9e 6e 3b 48 55 0d 33 a8 d7 6f 3e b4 30 c7 56 b4 ed 2f 3e 97 2d 69 43 6b bf 25 be 6a ac 63 c2 a9 1f 07 42 80 55 69 8a 38 b8 6f 0c ed 30 c3 37 44 fd 80 ec 47 05 6b 03 38 db 33 32 a8 ae 05 ec d0 03 ff 14 dc 1c 6e 23 f1 bd 3f 90 54 a1 ce 9b b8 2b 6e 11 8b 78 e6 96 b8 be 4f 11 c8 86 3f 9e fd 49 0b b0 89 6c 6e 98 0d b1 4f 12 f8 e0 22 ff b8 34 1a cb 31 c0 8b 98 3d bf 7f 13 b9 36 2f e7 ef ea 07 32 69 bf e2 5e
                                                                                        Data Ascii: /3l^>RGg:=6W(n6AIq6*;xUFdcb0d\(nw3rfDU<Bckn;HU3o>0V/>-iCk%jcBUi8o07DGk832n#?T+nxO?IlnO"41=6/2i^
                                                                                        2023-09-15 03:49:52 UTC151INData Raw: ea 4c 11 19 b7 e4 3d be ef 66 f7 34 0d 62 48 1a 91 87 0f ad 1d 7f 4a e9 91 52 f2 b9 bd 39 66 e0 b4 87 3c 98 bc bf 10 fb 18 60 66 80 aa 05 1e 30 b2 6e 14 58 bc 4b 4d bf 6c 60 22 b2 8d 60 4c d2 fd d7 13 4d 7c 04 43 39 bf 03 71 d1 2d 36 33 96 cd 31 23 be ea 90 26 19 b9 bc 11 33 45 4e 13 85 af 07 13 38 cd c8 13 ee b5 90 06 80 7c 6d d4 53 a1 e2 2f 06 4d 8f c3 38 fc cc 11 f9 ad ec d5 b8 ad 54 e4 ca 51 e4 d5 e7 2d 31 d0 51 e6 3f 1a 51 00 ef 0c b8 71 90 36 2c 9f 6e 11 eb 3d e5 4f 9c b5 99 d0 ba ed 46 53 cc 99 38 7b 30 b3 ff 4b c6 bd 93 ec 8f d7 63 45 50 88 e6 e3 f4 4b ac 83 8a ea 87 dc 49 b0 6f 98 7f e2 84 00 50 83 62 02 ec bc 39 fb 01 ef 6e d5 e6 e6 e4 83 b7 4d 6b 8f 48 b9 90 36 10 ed 6f 17 83 b0 be 40 cd bf 9c d0 51 ff a0 13 f5 ed 0b ec 8d 6d 78 13 98 30 2b 37
                                                                                        Data Ascii: L=f4bHJR9f<`f0nXKMl`"`LM|C9q-631#&3EN8|mS/M8TQ-1Q?Qq6,n=OFS8{0KcEPKIoPb9nMkH6o@Qmx0+7
                                                                                        2023-09-15 03:49:52 UTC167INData Raw: dd 47 73 b8 9b 0f 13 80 dd 6f 57 ed dd 6f 43 d8 bd 0f 73 b8 cf 0f 13 38 e8 0f 13 88 dd 55 9f 58 bd b7 73 d9 27 3a f3 b8 71 8f 13 06 dd 6f bd d8 bd cf 46 d8 bd e1 73 b8 c7 0f 13 d6 dd 6f 4d ed dd 6f 55 d8 bd 5b 73 b8 9b 0f 13 a0 e8 0f 13 b0 dd 6f ef 58 bb 81 73 b8 59 3a 73 b8 6b 0f 13 70 dd 6f af d8 bd db be d8 bd c7 f2 b8 5d 79 b1 d8 bd f9 73 b8 eb eb 73 b8 bc 6f f3 d8 34 99 73 b8 b5 ba 73 f6 a1 0f 13 88 dd 6f 57 d8 bd 6e 13 12 7d 8b 9f 18 5d 4d a7 d8 bd a7 73 b8 97 b7 73 b8 57 0f 13 36 d9 4a 08 b8 bd 22 7a d6 d4 2b 66 d5 cd 4f 44 ca d4 1b 76 b9 bc 6f 77 b8 df 08 7b dd d1 1f 3d dc bd 03 7f b8 d7 6f 5a d6 c9 6f 76 ca d3 0a 67 fb d1 00 13 cb d8 27 72 d6 d9 03 76 b8 bd 37 13 f0 c9 1b 63 e9 bd 1a 76 ca c4 26 7d de d2 7f 52 b8 bd 35 31 ba ee 0a 7d b8 d9 3d 76
                                                                                        Data Ascii: GsoWoCs8UXs':qoFsoMoU[soXsY:skpo]ysso4ssoWn}]MssW6J"z+fODvow{=oZovg'rv7cv&}R51}=v
                                                                                        2023-09-15 03:49:52 UTC183INData Raw: 3f 69 19 88 3f 6b e1 b8 1d 6c 11 b9 bf 6d 03 ea bd 6f f6 12 98 39 ef a2 3b ef fe 2e 74 bb 58 8b 7a e3 5f 98 8d ee d9 89 b6 2d bc bc bb 6f 00 ba e8 3c 22 af 8d 7a b2 b9 be 65 00 b6 eb ef 63 eb 3d 1f 13 94 9d 26 7d db 93 5e 0c fc 8d 72 12 be b6 7c 05 bd bb 4f 13 ec cf 1a 60 cc 9d 21 76 b8 c9 18 7c ca d6 5e 29 88 bf 57 10 b0 8c 47 70 91 9d 5d 03 88 8d 59 33 33 ad 4f 3e 98 bd 29 7c ca 9d 0e 66 cc d5 6f 7c ca d4 15 76 dc 9d 1a 13 cb d8 4f 7c d6 d1 16 22 30 f8 5f 50 79 b3 6c 00 84 bb 78 13 fb d1 0e 60 cb 9d 5c 33 b8 ed 1a 71 d4 d4 0c 33 e8 bd 1d 7a d5 dc 1d 6a 98 fe 6f 76 ca c9 06 75 d1 de 0e 53 cc d4 00 7d 98 fc ac 01 cc bf 16 d3 ae fa 5a 23 a6 aa 62 93 89 8d 5f 21 88 85 5f 11 b8 b5 35 04 b5 3d 4e 21 88 8a 5d 13 8b 88 56 26 81 e7 5f 92 a6 09 50 28 3b a0 4e 62
                                                                                        Data Ascii: ?i?klmo9;.tXz_-o<"zec=&}^r|O`!v|^)WGp]Y33O>)|fo|vO|"0_Pylx`\3q3zjovuS}Z#b_!_5=N!]V&_P(;Nb
                                                                                        2023-09-15 03:49:52 UTC199INData Raw: f8 97 98 b4 f0 8f 15 60 bf b8 ff b7 31 21 0a b9 6a 2a 07 39 ca 6f 70 33 e8 63 13 35 b1 3e 98 ed ad e6 5e 38 b5 e2 27 ee b2 ea 17 76 d0 33 6e cc 71 02 ec d3 6f 04 29 78 f0 ae 7f 50 bf 6a 7f 3e d1 72 d2 a7 37 03 d2 ec 52 6d dd d4 47 a0 7f 73 69 03 15 bd 9b 03 b4 be d1 0e 98 c5 a1 b6 11 56 3a 06 9e f3 b5 e4 4e 98 bd 6c ec 3b 4e 6d c2 52 be 8f ec 35 a1 f2 ef b8 f3 af 7e f8 84 6f 17 61 fc 97 98 fd 9d b6 13 e5 61 b6 52 44 64 32 fb b8 64 6e ca a4 3b b6 56 50 bd b6 4d bc 64 2a cf 61 e1 6f 20 bc c8 6c ca ee b1 ec 43 79 b1 6c e4 79 d6 a3 d3 d3 60 45 cb ef d1 22 5c d4 2c 2a 7f 2e b2 0b 96 be f3 03 d8 ca f7 03 d1 d3 b1 6a da d3 a1 ed 7a a0 36 a8 1c 17 bd 2a 33 91 f8 63 98 72 b2 ff bc 77 3c 96 12 8d b2 e3 52 e5 3d d7 33 b4 bd 6f fb 1b 5c 67 13 4c 3e a9 0c 3b 5b 8f 20
                                                                                        Data Ascii: `1!j*9op3c5>^8'v3nqo)xPj>r7RmGsiV:Nl;NmR5~oaaRDd2dn;VPMd*ao lCyly`E"\,*.jz6*3crw<R=3o\gL>;[
                                                                                        2023-09-15 03:49:52 UTC215INData Raw: ed 3c 7b b8 bd 7f 13 b8 ec 87 00 23 b8 4f 1d 7c cc 6c 77 50 88 77 1b 6a bd 7f 15 35 1f 4e 1d bd 4d 7e 60 b6 bd c7 e7 b0 ad 07 b7 5d b4 4f 03 d2 42 86 a5 e8 32 ec ed b0 b8 1a 2d 69 ba 1a 0a 19 59 6a 81 bf 55 fb 14 53 39 e4 06 00 1c df 13 53 b6 ce db 3a bc a3 21 b3 f8 8f 1b d8 5d 6e 27 cc b5 8f 1b 3d bb 1e b0 96 7c 46 57 8b 7d 3f 42 f8 ed 05 12 ea eb 3a 33 a6 d1 64 03 bf dd 6d 6f 88 bd 3f 9a 3c 99 6d 97 49 a4 2b 37 d0 55 6f 10 98 bc 6f fb 21 aa de 1a c5 d4 4b 7b a9 ed 6d fa db 8c 6b 47 9c bd 0b 98 fa b9 e4 dd 3b 5c 6f 14 bb 74 d0 43 02 bd 6f 17 6b 52 6f 10 88 3e 88 10 33 bd a0 98 46 7c 90 10 3b 5a 7d 2c a8 fc bc f4 58 bb 03 98 48 bd 60 bc 49 b2 c0 ea bb 43 23 10 c2 8c 66 43 98 c8 67 63 98 8d ee 73 be fd e4 61 ac 96 9c 53 08 f8 ff 09 ec 8c 4f 12 53 e6 bf 3e
                                                                                        Data Ascii: <{#O|lwPwj5NM~`]OB2-iYjUS9S:!]n'=|FW}?B:3dmo?<mI+7Uoo!K{mkG;\otCokRo>3F|;Z},XH`IC#fCgcsaSOS>
                                                                                        2023-09-15 03:49:52 UTC231INData Raw: bd ec ee bd c8 d6 28 7d c8 6d a6 78 94 47 d2 47 be ae eb b8 be ec f4 87 3e 8f 2c 3b bd a8 12 3b 7d 6e 28 40 c8 6d 88 f8 bb 5f 9e f0 42 ec ea a8 bb 60 94 80 fc c6 c3 39 5f 6e 93 b9 3d 16 16 f2 3e a5 ed a8 ff 60 97 9b fd 6c 79 bd ed cf 79 b9 55 b7 ad 39 aa 63 13 8b b5 7f fb b6 3d 75 96 78 c0 74 57 d0 1a a9 3b 10 49 67 d0 90 d7 d7 ec 51 e7 ee 68 f8 ab 6c 1d 27 bb 61 0b ac 55 ba d3 ba bd 61 14 d0 15 5e 13 b6 56 aa 98 f8 fa 2f 4c a8 d7 6d 13 f8 bd 6d 42 ea 55 c8 b7 bc bd 6f 12 ee 41 ec db 47 b6 67 c3 01 b5 af 57 35 c9 4b 4b 9c 4e ca 53 b2 e9 3e 13 b9 f1 3d ba 78 b6 53 43 f8 aa 53 52 ba e9 2e 11 b8 e9 3e 41 e8 36 a4 fb a3 bd d7 13 b8 8e af 28 50 34 ef 50 a4 34 2c 33 cd 9a 2f 18 b8 a5 ec ea bb c8 7f d4 fb ad 73 93 50 bd af 13 98 bd 91 13 b8 ad 84 34 3b 44 6a 66
                                                                                        Data Ascii: (}mxGG>,;;}n(@m_B`9_n=>`lyyU9c=uxtW;IgQhl'aUa^V/LmmBUoAGgW5KKNS>=xSCSR.>A6(P4P4,3/sP4;Djf
                                                                                        2023-09-15 03:49:52 UTC247INData Raw: f1 ee 90 18 b0 eb 97 f9 7c 66 13 33 6d ee f1 da 9c 95 4e db 9c 01 b2 ba 5d 3f f0 99 dd cf 12 9d 14 ad 32 fe a9 8f 32 5f 48 4e 63 9b aa c5 57 98 aa 7d 50 b9 f5 2f 12 bf fe 6e c3 a8 bd 1a 1b f8 ae 7f b3 b9 5c 78 03 a8 3e 8f 14 99 d8 ec f3 b9 ac af 13 f4 c9 77 12 91 36 79 42 b8 be ac 43 33 ff 7b 40 33 b5 a1 ec 68 9d 6d 5f 53 97 56 81 36 7f fd 96 17 7d fd 2a 26 fc fd 0b b7 38 cc 52 2c 3d 75 10 61 84 fe f1 29 b2 ea 82 98 bf ea d3 3c a0 35 5b f8 8c 77 b2 f4 fd 71 27 38 da 23 13 cc e7 e4 5d d4 8e af 10 b0 74 17 08 5a c6 e4 5d 90 7a 4b 17 39 2f 41 5d d4 fd 47 10 71 3d 54 d2 c6 57 44 45 d4 7d 6c 93 a4 36 ad 20 6a 86 ae 53 b1 bd 5b 9a ee 8d e6 45 94 c0 0f 1e 33 6c 44 c3 38 bd 7f 16 8c f9 5c c1 c8 f7 e6 45 e8 3f 19 55 88 f9 e6 55 f8 0e 63 52 94 a1 1b 03 a0 be 31 7f
                                                                                        Data Ascii: |f3mN]?22_HNcW}P/n\x>w6yBC3{@3hm_SV6}*&8R,=ua)<5[wq'8#]tZ]zK9/A]Gq=TWDE}l6 jS[E3lD8\E?UUcR1
                                                                                        2023-09-15 03:49:52 UTC263INData Raw: 3c 88 b1 ba 42 cc 11 94 1c 6d 19 c1 1c 6d 31 49 bc 15 0b 3b 42 2f 12 cc b7 ec 69 ac cd 5a 03 19 ac 6e 42 a0 3e 95 02 b9 c4 7e 12 1e 43 cf d0 d0 03 ec ea 88 bc 85 22 b9 b7 a1 28 b9 6b 5f 12 8b 4d 98 d5 a9 ec 15 1c 3d 75 7e 11 f5 b1 e4 6f cd ad 3f 11 08 8b ee 11 c8 8b df 11 7e 3d 6e 28 76 c9 45 7b 17 bd af 3a 7b a6 5f 1f f8 bd 07 55 06 f3 6a 16 ac 2f 34 52 70 fd 6f 90 58 ba 3c d3 20 8d 52 1f c7 1c 58 1f 58 ca 6f 13 33 f8 7b 98 f0 a9 e2 57 b4 b2 90 93 b6 ae af 9e ec b7 90 37 33 41 bc 0a cd 95 af 0a f5 99 32 23 69 9d 5f 13 18 8b de c2 ed 0d 5b 56 a8 b1 05 12 ea 9c bd fb 28 2f e6 b3 be 54 6b f1 9e 9a 07 a4 7e b5 18 61 36 7c 67 b3 07 79 8f 12 21 b5 2c a2 3d 7d af 98 cd a9 e2 a8 19 bd 1f 96 3a ad 0f ac e8 a9 54 45 ac bd 15 13 f8 a5 54 55 a0 c9 42 44 b4 55 10 93
                                                                                        Data Ascii: <Bmm1I;B/iZnB>~C"(k_M=u~o?~=n(vE{:{_Uj/4RpoX< RXXo3{W73A2#i_[V(/Tk~a6|gy!,=}:TETUBDU
                                                                                        2023-09-15 03:49:52 UTC279INData Raw: d9 6c 18 0f dc 6c 3b 6f dd 6c 13 6e be d8 3f 1a 7f 77 b2 7a 9d 63 4a 5a 0b 5f ca 18 0b fe 00 a6 5e ad 0f 9d 2d f2 73 c9 ae 22 0b 2a db 2a 1b 18 bc 7f 12 e8 b9 cf 1b 8c 4d fe 0c db a9 3e 93 b5 c0 bf c7 29 c5 60 97 df 04 7e a4 ed b1 7b a4 0c ac 7f 00 9c 6f 7e 32 58 d0 5d 98 e5 a5 5d 36 6a 3e ff d0 44 34 1b 73 16 35 06 82 d7 bd 2a 03 35 c3 63 38 48 30 2b 40 bc 9d 8f 9e f0 b9 5a a8 cc ee 4f 78 09 93 28 e7 66 af 57 73 b7 85 38 e5 0b 3d 6d 73 b2 a5 cd 1c 80 1d 60 5b 59 1d 60 5b 61 b9 61 d5 17 9c 7c 86 bb fa 4d 00 09 be 0c b1 cc 99 43 65 bb e1 4c 63 bb 4d c7 d0 93 4e 4f 00 ac ce 7d 1a da 87 6b 90 e9 af 54 67 9c 4d 7b ca e1 41 5f 12 18 89 3f bd 2a ae 57 0a 61 fa 9a ae 17 b4 cf 51 9c 95 a2 c3 ba 95 89 16 9a 6d b6 14 e7 b4 36 1a 55 2e ab 67 28 79 0a 10 e8 dd 6c 23
                                                                                        Data Ascii: ll;oln?wzcJZ_^-s"**M>)`~{o~2X]]6j>D4s5*5c8H0+@ZOx(fWs8=ms`[Y`[aa|MCeLcMNO}kTgM{A_?*WaQm6U.g(yl#
                                                                                        2023-09-15 03:49:52 UTC295INData Raw: 92 44 d2 b7 b9 c0 d1 b8 bc 33 d2 59 b7 6c 33 79 b2 d9 1f 92 7d 6f 03 b7 3d d9 07 8a 96 be 1c 17 3d 6d 12 c9 bc be 38 68 b2 c0 c0 bd 3f 6f a3 b4 7c 8f 19 bb 6d 6f 1e 38 c5 ae e9 ac 35 7b 23 89 22 6f d6 b9 86 98 6f 13 54 28 12 08 bb e2 63 b9 30 3a 12 83 ad 9d 1c 3b b3 fe 14 ec 99 0b 13 35 e4 6e 90 7a bc 54 c9 b0 b2 ec ef 88 b7 54 d6 ca b6 6f 96 78 c0 6b 20 78 56 6c 57 35 f8 ee 1b dc 86 a5 33 b9 74 ea 33 b9 74 4f 12 f2 42 54 e6 58 bd 65 e5 58 bd 99 f3 b8 c8 90 28 62 b9 1c 15 a8 b2 7f f8 ad 38 b4 1f c5 b7 5e 89 b9 a9 84 14 3b 7f 75 ec 78 ad 7f e3 aa 9c 60 1c 17 4a 2d 98 68 b7 ba 9e b4 ad be 1c 35 39 73 05 f9 b1 6c 4f 9c e5 2f 12 b9 8d 6d 4b bb 7f 6c c5 bb 78 5f 10 6d 8e 82 42 a9 3c 34 38 69 fd e4 e3 93 64 44 e2 e8 b9 4b 52 68 2d 7f f8 b6 56 67 f7 16 2d 64 93
                                                                                        Data Ascii: D3Yl3y}o==m8h?o|mo85{#"ooT(c0:;5nzTToxk xVlW53t3tOBTXeX(b8^;ux`J-h59slO/mKlx_mB<48idDKRh-Vg-d
                                                                                        2023-09-15 03:49:52 UTC311INData Raw: 41 9b a3 ad ec d9 5f b8 0f 5f 77 8d 9d e6 67 b8 99 77 46 33 42 5c fe 81 de df 31 19 9b 60 9d 00 0c 60 63 16 36 27 17 10 be 0f 16 8b 4b 3f 13 94 3d e2 68 44 8e bd 96 47 5d 6d d3 f4 c1 21 90 7f b9 af 32 58 9f 77 9e ac 00 9b dc 08 31 06 ef b7 bd d9 3f 90 b2 d9 0f bb be df ce 33 d4 6b d2 b8 3d 6f 3a ca bd 6d fd 48 9f ec fc b9 30 5b 38 ec c8 bb 33 b0 ed ff 3b ac bd 14 03 bb 4c 6b 73 26 a9 e4 2f 29 b2 d9 b7 84 ba cf 62 bb 4a af 8c 48 cc 6e be a8 b1 23 92 7f 6d df 07 68 0d 7b c2 08 ad e5 47 9c 8d df 1a 84 35 7b 33 90 3e aa 12 83 88 64 9f f4 6a fe 0d b9 af 5f de b9 fd 64 12 b8 80 cf 3a 98 a1 6e 1c 3d 9c cf 12 e5 e2 1e 80 ad a5 ad 3f 2b a8 90 07 48 a9 38 08 f9 9b 9d 07 48 4e 7b 72 65 91 be f9 ad ec 7a cd 88 a8 5f 13 af 81 be fd ac 38 90 83 b1 8d db 06 a0 b2 e1 11
                                                                                        Data Ascii: A__wgwF3B\1``c6'K?=hDG]m!2Xw1?3k=o:mH0[83;Lks&/)bJHn#mh{G5{3>dj_d:n=?+H8HN{rez_8
                                                                                        2023-09-15 03:49:52 UTC327INData Raw: b9 ec a3 20 bc 6c ce a0 3e a8 43 09 b8 7f 14 80 c1 ff c6 48 de 5f 73 ad fd df 11 e4 fc 60 33 b2 5d 73 10 d4 99 37 03 b5 6d 62 02 e2 e5 60 9f ac ad 0a e3 b9 91 be 15 90 b9 3d 40 59 a3 5f 98 76 55 12 1a ba 82 7f 4d 58 bd 63 96 78 e2 bf 4e e3 c9 68 13 98 05 df 0e 09 8c 6f 42 50 6e e8 16 b8 3c ab f1 58 3d 67 d0 d0 51 79 04 1a d3 7e 04 e0 ed 87 f1 b8 bf 1d 7d 03 3f 6f 07 bc 56 db e8 d5 eb e4 e2 50 25 6f c4 45 42 5c d3 31 3b af 82 d8 b9 e6 95 00 dc f8 15 fc fd 74 43 33 7b 31 d0 48 bc e2 91 b9 ed 4b fb d5 ad 6b 98 36 5c 6e 42 50 8f 34 c1 bc b5 a8 c1 ba bc 6f 98 76 b5 31 fa 38 cd 6b 79 47 d5 c7 33 5c b5 7f 77 19 fc 6e 43 e9 2d 39 b2 e8 b5 3f 3f 7c ed 5f 2d bc b1 0b e2 a1 bd e4 e2 31 c9 33 37 b0 ae 69 b7 bd ad 73 0b 19 bc 87 81 b2 95 69 eb 3e 9f 69 98 76 fa 69 2f
                                                                                        Data Ascii: l>CH_s`3]s7mb`=@Y_vUMXcxNhoBPn<X=gQy~}?oVP%oEB\1;tC3{1HKk6\nBP4ov18kyG3\wnC-9??|_-137isi>ivi/
                                                                                        2023-09-15 03:49:52 UTC343INData Raw: fd 97 90 78 bd 7f ca f8 51 ec d1 98 3e 6f fe b9 65 a0 cd 79 65 2f 13 48 64 35 cb 61 fd 9f cb 1c fd 83 b3 b3 e7 b3 52 b9 73 ee 12 b8 fd 9b ca e2 5d b6 53 4c 86 4f 17 b9 be 8b 52 b9 bd 6c 13 bd 45 b6 c7 e2 55 6d 10 40 bc 6c ff 18 b7 6e 10 b9 5d 6e ef 61 e7 9f ca f8 41 de 17 bb 49 1a 9c f8 ac 8e 81 c8 fc e1 11 42 3d 49 2b c5 96 e2 57 01 8f 6b f2 a8 7a 6e 33 bd dd 0f 28 42 fc ac 03 44 64 33 ed 40 3b 68 4f 68 43 93 6f 61 9d 4f 77 f9 9f 0e 8d a1 bd 22 10 70 5d f5 72 d0 dd 60 9f 8a 76 af 68 51 d6 8f 3f 58 be 7b 38 38 6d ec e9 bc b2 e3 85 d9 a2 4d 47 f8 bb 13 37 ac 7c ef 90 7f ff 92 53 92 c9 eb 43 61 9d 2c 10 24 77 b6 f3 97 5d 62 32 9d 99 0f 92 b9 31 b6 05 38 94 8f 10 fc 64 6e b3 bb 96 eb 11 77 be 27 c8 bb f1 ae 10 83 7a ee 07 bc b2 e3 6a 47 42 90 d2 87 95 60 9e
                                                                                        Data Ascii: xQ>oeye/Hd5aRs]SLORlEUm@ln]naAIB=I+Wkzn3(BDd3@;hOhCoaOw"p]r`vhQ?X{88mMG7|SCa,$w]b218dnw'zjGB`
                                                                                        2023-09-15 03:49:52 UTC359INData Raw: 2d af 93 95 9f ff 9f 7a b7 cf 11 48 3c ff 36 35 43 26 52 35 5c 64 d3 b8 fc 60 d3 b8 9c 7c d3 b8 1e 6e 18 58 32 a5 ca 71 3d 76 47 50 32 d5 2b 5e 32 5f 53 36 1c 64 51 36 95 ef 12 03 3c 65 f5 37 85 2f 42 9a d4 4f 45 e8 9f 39 69 80 9d 3f 87 9b ed 0e 13 ca 96 de 60 52 bd 6e 90 79 40 54 c2 b7 3e c5 83 5b 80 5f 83 bb e1 ff 10 e4 ec 27 9b c4 99 33 b3 bb 8d 5c c1 eb f5 75 b7 49 be fb 71 b8 ed 54 38 42 3e ef fc b9 86 97 1c 3b eb fc 10 12 95 79 56 c4 ad 2a c1 38 be 47 23 bb b3 ab 20 bb dc 6f 25 bb 44 60 90 9a ea 5c 10 e9 f5 fe 97 e0 cd 65 4b ec f5 f3 3c ea e5 1f 19 d9 bd d6 5b 56 49 56 1c 36 29 a5 17 d8 ab 13 83 ed e8 4f d7 b6 57 0b 53 bc d9 bf 35 dc 7b 61 22 e4 fd 6b bc 8a df 2f 17 2a c6 9b 1e d8 7d 6d 73 09 bd 6a 33 f4 dd 2f 29 63 63 8d 9e bc cb 2f 51 82 cc 0f 2a
                                                                                        Data Ascii: -zH<65C&R5\d`|nX2q=vGP2+^2_S6dQ6<e7/BOE9i?`Rny@T>[_'3\uIqT8B>;yV*8G# o%D`\eK<[VIV6)OWS5{a"k/*}msj3/)cc/Q*
                                                                                        2023-09-15 03:49:52 UTC375INData Raw: 97 13 f3 cc 42 ce 34 78 0b bf 4b 97 c8 12 37 cd dc 7f 51 2a be 7f 17 61 be da 2d bf 42 ff 22 18 bc 90 4b 7c bb 0b 67 58 bb 00 67 d2 c9 b7 e8 c5 cf 3f 11 49 86 68 cc b2 7d ae 76 4b bb 53 e3 be 96 b8 5c cb ad 68 6f 69 fc 65 1c 17 47 2f 60 c4 aa 68 5c cb be 20 60 f4 ce 3f 99 ec 99 3f 9b 88 a9 58 90 7f 1f 5a 63 8d c0 77 18 98 b8 1f 62 29 ed 5a 20 78 e2 31 13 e3 36 8a 4e 7a 95 6f 90 b8 46 6c 67 ae 60 b4 ab 22 75 90 ec 47 ec 6b ce 60 1b 6e 9f 29 fb 8c 43 19 89 70 90 7e bf 3f 29 e0 3e df 51 1a e6 9d 9a 0c 99 bf b2 98 17 9c b1 b8 65 ce 13 4f 1f 6f 97 18 bd e9 ad 68 dc 5e 11 cc 99 47 ad e9 1b b6 b1 b8 8d d1 b1 99 1c 6f 33 28 00 ed 13 92 e1 9a 17 4b 2d 6c cf fb b9 9c 9e ac b9 60 b3 b9 f5 0f 2c ec 30 2b 27 b3 bc 0c 10 4b f9 0c 43 b9 89 e2 b3 fc ac 6d 38 67 2d 6f 3f
                                                                                        Data Ascii: B4xK7Q*a-B"K|gXg?Ih}vKS\hoieG/`h\ `??XZcwb)Z x16NzoFlg`"uGk`n)Cp~?)>QeOoh^Go3(K-l`,0+'KCm8g-o?
                                                                                        2023-09-15 03:49:52 UTC391INData Raw: b6 ce 30 0d bc 5d d2 59 c2 4b 76 46 5d b7 1e 98 5c 6d da b7 b9 eb a2 db ac 60 86 7a 3d 85 d3 b9 9e bf 41 33 e8 ef 32 38 3c 3e 92 b8 a1 3c 44 19 b4 5f 31 9c 42 21 c2 79 b5 2d 48 d9 b4 86 0d 7a b5 73 52 7a b5 1b 7d 3b 80 77 92 a0 c9 69 76 58 ba 0c 24 45 3e a9 17 ee 64 9f 62 90 eb 3c 17 aa b8 47 b5 bc 6d 27 49 1f dc 6b c4 e9 c8 df 7d 85 0c 63 1c 9c 30 61 d2 f1 d0 7f 23 bb e8 3f a3 ef e8 90 06 e9 b8 1e 14 4e 0c 06 49 13 bc 6c b5 b9 be ff 3d ee 1c 65 42 b1 2d 6f 0f eb 5f 6a 42 33 f7 7f 13 e9 37 a7 98 6f 55 67 fe fb 3d 73 22 ae 38 99 67 8c 7c 2a 57 bd 7c 79 16 78 ab 1a 17 3d 7d 13 81 f3 cd 41 66 bf 4f 69 6e 87 2c 4d 93 d2 bd 3a 41 50 52 95 32 91 f5 63 fa 35 dd 6e 20 71 6e 67 8e f1 ec 79 30 72 bc 59 f8 9e f8 6e 8f a9 f5 6e 02 8b 7d dd 00 78 3e 87 eb b9 9e ad 92
                                                                                        Data Ascii: 0]YKvF]\m`z=A328<><D_1B!y-HzsRz};wivX$E>db<Gm'Ik}c0a#?NIl=eB-o_jB37oUg=s"8g|*W|yx=}AfOin,M:APR2c5n qngy0rYnn}x>
                                                                                        2023-09-15 03:49:52 UTC407INData Raw: 19 8e 88 cc 99 1b 16 f8 b1 23 f1 a8 64 81 ce e4 99 6d 73 1d 21 1a 17 33 85 84 3d 39 df 60 5a 8c 38 a6 98 b8 dd 60 11 f9 dc 60 42 a8 30 53 d1 53 7f 7b 92 89 a9 3f fb 1e fd 5f b3 b0 bf 13 72 a8 45 b4 14 62 9e b2 1b 2c 99 c7 d3 bf 66 28 17 62 a9 0c 17 38 bc e7 93 b9 61 a7 ca 38 7c b1 d9 66 7c 87 a3 d8 8c 6f ca 50 63 9e ce 24 99 ff 12 58 bf 84 16 35 f4 6f ce 60 8d ec d5 b0 86 2f 1b b8 98 1b 61 b8 ae e2 5f 9c d5 05 12 e9 b5 87 7e 24 bb 64 28 4f c9 23 37 63 fb 8e 1a 64 31 ec 18 be 67 e9 30 f8 bc 2e 18 66 54 b6 f2 f8 bc 6a b2 b1 60 cf aa 60 64 b0 f3 4e bd ab 16 c2 17 b2 47 9c dd 7f 9a 0c 99 cf f3 ba 64 f3 37 f6 19 af 13 b9 a6 ce da 53 2d cf 0e a0 b5 6f 67 f1 1d 4d 27 83 e9 4b 1b 84 cf 62 53 9d 95 3f fb a1 2c 4f 1d 3b 79 6b 53 a6 89 e6 92 89 35 5b 98 34 5f 68 9a
                                                                                        Data Ascii: #dms!3=9`Z8``B0SS{?_rEb,f(b8a8|f|oPc$X5o`/a_~$d(O#7cd1g0.fTj``dNGd7S-ogM'KbS?,O;ykS5[4_h
                                                                                        2023-09-15 03:49:52 UTC423INData Raw: b5 60 9e e3 7d 6b 4c e6 e0 ee 15 7c 2c 53 ee 5e eb 38 79 a4 55 7b c4 fa cd 3c e3 09 1e 5c ec 3b ff ab e3 bb c2 6a ab b2 4c 74 55 38 b5 e2 17 38 30 63 96 e8 3e 7f 13 e9 55 df 73 ba 34 29 17 e8 34 69 9a 80 ed 6d 9a 08 ba 11 13 a8 34 11 07 31 c3 77 4c ec 36 a9 17 66 ea 6f 18 b0 8d 88 96 b8 7d 1b 05 ee 30 26 13 33 bd 5f 40 03 bd 3f fb f6 ff 6c 13 3b 79 6f 17 3d 4b e4 d5 cd 52 31 1b ef 55 51 10 c0 e2 ac df 74 bd a3 98 fc 99 6b 98 f8 ad 38 12 90 bf 6f 10 84 a9 68 2f f4 bd 53 12 b8 38 af 67 b1 36 3f 17 31 3d 7e 90 78 b5 ac 20 78 bb 55 02 b0 83 67 98 a8 ad 53 df 8b 7d 5d 2a b8 ec 60 86 bd a9 6e 4c 8b 74 6f 9a f0 ad e6 5b ac 34 27 03 b4 34 27 0b b1 90 a3 df ee bd e4 67 9c b5 ec 55 b4 bc 6f 98 fe a5 ea d3 33 f3 63 13 cc 9d ec 6b bc bd 1b 02 78 36 27 17 7f bc 6f 13
                                                                                        Data Ascii: `}kL|,S^8yU{<\;jLtU880c>Us4)4im41wL6fo}0&3_@?l;yo=KR1UQtk8oh/S8g6?1=~x xUgS}]*`nLto[4'4'gUo3ckx6'o
                                                                                        2023-09-15 03:49:52 UTC439INData Raw: fd 6f e7 61 e5 9b 66 58 86 a0 33 c5 b3 b4 17 36 2c 67 dc 61 5d 33 9d 44 c1 9d f2 b3 8d 40 42 ee fd 1b 1a e8 55 5e f5 4a f6 5c 89 78 f7 24 76 a8 f8 2e 58 00 49 82 5f d2 f6 fa 12 6c 20 6e 22 2c bc 7f 12 bc 35 2e 13 b8 0d 6e 20 74 05 5f 7e 20 42 87 04 2c bc 9f 72 39 51 2e 20 98 eb e4 a7 9c 31 1f 13 3d 4b 67 1c 3c 86 ee 9a be 98 6f 13 b8 42 90 2e b8 bd 2a 51 b7 a9 ea 3a a9 bc 29 33 ed b2 eb 0d a9 1c 6f 1b 39 5c be 12 39 44 6f 93 b8 f9 2d 66 91 d5 34 d2 10 ef 9b 73 ab d5 bf 52 b8 4d 9e 63 96 34 1e 15 cf 58 1d 7f e6 3c ab 52 be bd ac 9e ec 99 6b 41 e8 55 6d 32 aa b3 67 90 40 bf 1b 3a 8c d5 0f a5 bb 15 d9 10 09 c9 87 28 3f 06 6c d3 24 9c 42 98 b2 36 ae b7 0c a4 7f 27 cd d4 bf 13 fa de 97 1f cc bd 6a 90 40 b0 1a 4b 4f 7c a6 02 db c9 3f 03 b9 c8 24 93 a5 fc 2d 13
                                                                                        Data Ascii: oafX36,ga]3D@BU^J\x$v.XI_l n",5.n t_~ B,r9Q. 1=Kg<oB.*Q:)3o9\9Do-f4sRMc4X<RkAUm2g@:(?l$B6'j@KO|?$-
                                                                                        2023-09-15 03:49:52 UTC455INData Raw: fc ee 75 80 3d 79 2f f3 87 23 52 82 ed 3e fb 08 33 26 29 f4 fd 57 2b ed 7d 7c 33 78 bf 3f d3 ba 81 0f 12 a0 9e 0f 12 d9 bd 4f cf 70 dc 70 cd 79 f0 0b 11 9c 5c 6d f5 a0 c8 69 d3 ba 99 5a b3 a4 65 cd 0f e0 1c 73 73 bc 55 07 38 f8 3f 4f 10 8c 3d 6e 27 b8 a9 b3 1e 88 9d 53 1a a8 75 7b b1 be a3 07 11 88 dd 6e 7b 64 86 66 03 d0 bf 6f f3 bb d5 23 fe b1 ad 05 d3 5d 55 8c 9e ba bd 8f 2f 98 99 6d 43 da 81 3b 37 f4 34 28 17 b9 7d 6e 33 31 aa b6 08 e7 e3 2f 48 33 58 32 d0 74 bb 6f 46 b8 36 83 90 5c 45 ee ff d4 bc ef 1a 8b 7d 3c 45 33 c8 67 13 31 bb e6 55 bc 34 29 1b b8 34 29 1f 8b 6f e6 55 a8 fd e4 56 b4 86 ad 44 3a 3b 3b 03 9c b1 1b 59 38 e5 96 92 5f bd 6f 13 47 42 ee ec b8 bd 67 8a fa c8 4e 36 a4 36 ae 36 ba 42 0f 1b 3b 45 63 67 ee 3e ef eb b5 c9 3e 7b ae b9 8a 00
                                                                                        Data Ascii: u=y/#R>3&)W+}|3x?Oppy\miZessU8?O=n'Su{n{dfo#]U/mC;74(}n31/H3X2toF6\E}<E3g1U4)4)oUVD:;;Y8_oGBgN666B;Ecg>>{
                                                                                        2023-09-15 03:49:52 UTC471INData Raw: 7f ec f9 b9 bd 4c d9 8b 6f 57 07 a0 36 af ca b7 29 ad 20 66 0c 3f 23 b9 bd bc 20 69 86 aa 9a ec 3a 47 ef c4 70 1f 1e a4 5d e1 0b bb be ff b8 98 ec 5f 12 cd 13 34 4d b0 e0 5c d3 0a b7 ea e5 c6 cb 57 9e bc 30 ad b9 68 b7 0e 14 8b 4b 4e f3 be ef e2 b7 9c 4f 69 17 0f b9 5c da 89 b1 ae 20 6a 3e 86 3b b9 3c 8e 31 b4 75 bb 14 8b 74 6a a2 be 7f fe 00 80 b1 79 98 68 2d 60 87 79 8e 2e 08 7e bc df 11 b9 cd 66 db 83 48 e6 5f 0f 41 9b 6f 01 82 67 8a 8f b5 9e 00 69 e8 de 13 87 cd 7b a2 ed 0f 6f e2 a4 bc ca d3 bb b5 05 b3 b9 30 27 12 e9 4c 70 03 58 f3 e1 23 eb 9b 3f 30 4a ea 83 2f eb 29 3a 01 a8 2d 3a b0 8e ce 54 cb 50 30 ec 83 b8 8d 44 33 d2 c1 07 af 9e e8 45 3f 9b e8 04 41 ba a9 af 34 84 7e ba 62 97 eb bb 47 88 5d 6a 72 08 bc ba 47 30 f5 87 54 eb b9 4e 79 c5 e2 6b 19
                                                                                        Data Ascii: LoW6) f?# i:Gp]_4M\W0hKNOi\ j>;<1utjyh-`y.~fH_Aogi{o0'LpX#?0J/):-:TP0D3E?A4~bG]jrG0TNyk
                                                                                        2023-09-15 03:49:52 UTC480INData Raw: e2 ef e4 97 e8 a9 5f 13 a0 ef e4 40 38 bc 6f 43 a8 55 1a ff 47 42 ea 5b 78 b2 e2 e2 be d5 7c 65 a9 f5 ad e6 dc 9d 3f fb 91 be 5d 35 68 a3 3c 91 b8 7b 7e 7b b6 6b 6d eb ed a9 05 63 4b 55 b3 11 e3 bf cf 29 ec bf 9f b9 87 08 79 3d 09 ab dc 9f ba bb e9 11 6a 6e 5a 3b d0 92 ee 11 32 36 6d c1 95 0d a3 df 39 51 3e 2a 08 b0 47 72 b8 bd eb 37 80 bc c9 a9 b8 bd 6f 9e f2 42 be ea eb bd e4 8f 9c 9d 6e 13 b8 34 ef 5f 9c f9 e4 9f 9c 8d 6f 43 38 e8 ec d2 47 eb e4 a7 ba e5 6f 20 55 6c 96 d2 50 bf 54 11 4d bd 13 7f 31 d1 4b 23 31 b5 eb 37 fc bd 33 66 a9 e3 32 13 00 43 90 ec 47 e6 ee d7 ba ad 6f 0d 7a 95 6f 2a 14 99 3d 37 b8 af 1b f5 b8 31 57 13 a8 84 ee 10 22 c0 60 4d e5 3e a7 1a f6 b5 fb 37 94 bd 7d 6f 50 3e 96 13 a8 c0 8c 90 42 ad 12 cd b8 4b ae 12 cc 64 99 d1 b9 bd 1b
                                                                                        Data Ascii: _@8oCUGB[x|e?]5h<{~{kmcKU)y=jnZ;26m9Q>*Gr7oBn4_oC8Go UlPTM1K#173f2CGozo*=71W"`M>7}oP>BKd
                                                                                        2023-09-15 03:49:52 UTC496INData Raw: b2 c8 6d 11 40 c9 6d f4 61 74 05 15 60 bd 9c 9e bc a6 05 1a e8 64 47 da 66 4e 8f 2d ac cd 49 ca 72 04 eb 53 61 76 2f 2d 39 ff 0f 13 84 4c 6f 33 50 64 af cd 4a 3d 62 4f 9c b5 23 cd 49 ed 6f 47 50 be c6 16 68 e5 97 f0 a2 99 e6 6f 9c 8d e3 fb 8b ad 6e 53 a1 b7 07 dc e9 3b 7d f9 b8 36 ea c8 1a 2f 2d 03 b7 ab e1 32 a7 bd 70 3f 5d ad e4 c5 61 bf 81 23 2b 96 1b 37 94 64 87 17 33 46 2d 0a ba 3e ad 03 64 bd 0b 37 d8 3e ae 03 bd 2d 6e f2 df 52 6e cb 74 64 8f ce 90 f9 61 e3 d8 bc 07 a1 b8 fc 87 53 65 ed bf ce 20 cd 1f 3a 65 bd 2e e3 65 ed b7 ce 20 c5 ec a3 b8 2d 64 43 58 60 3f 93 38 b6 6f 43 20 60 3f 83 65 ed e7 13 65 ed a7 ce e8 7d b2 43 3a 05 5f 10 60 77 b2 4b 18 4d 6d b6 c9 bd c7 83 be e5 df 57 b9 55 2b 12 fa 4d 2e 12 40 b2 ea 65 8b d1 5f 53 65 65 b2 c9 65 65 3f
                                                                                        Data Ascii: m@mat`dGfN-IrSav/-9Lo3PdJ=bO#IoGPhonS;}6/-2p?]a#+7d3F->d7>-nRntdaSe :e.e -dCX`?8oC `?ee}C:_`wKMmWU+M.@e_Seeee?
                                                                                        2023-09-15 03:49:52 UTC512INData Raw: b7 12 b9 10 6f 30 7b 33 6b 34 3b 37 c8 dd 62 23 93 9f bf 83 b8 f5 6c d1 08 bd 1f f8 ba b9 ff 11 c8 60 6e 90 79 b5 ee a3 a8 cd b2 09 35 b1 9a 82 db ad 6c c2 3b d1 2f 15 cd 5c 54 1b 7e c0 42 d7 bc 36 a7 1c 17 bd a1 10 77 30 53 d8 33 73 ee f3 bc 96 a7 ce aa 30 6b c1 ba 3d b2 04 3b 7f 67 10 40 2c e2 91 53 ed 5b 47 b9 c9 4b 3f 88 bd af 37 83 43 60 9f cc 3d 02 13 84 fa 3c 40 4c c9 1e 29 d2 b8 3d e3 83 ec b3 fb 08 2d 35 11 83 f9 7b 9f ba 95 4e 96 53 ad 6e 02 a9 ed 2f 11 3d fd 6d e3 05 dd 04 30 78 9c 0f 2b d0 61 6a c2 26 60 6a d1 50 4d e2 ca 71 55 a8 03 8b 5e 57 b7 66 5c 69 2a ea fb 9b d8 b9 ed a6 a6 c9 8e 8b 60 91 b3 af 17 b8 8a 6b 83 90 c8 ee 54 d2 fd e4 00 98 bc 1f 84 fc a3 0b f4 ae be 6e bb a8 be b3 54 b9 84 9f 55 fa be 95 db fc be b1 43 b9 0d f6 42 b3 9d 53
                                                                                        Data Ascii: o0{3k4;7b#l`ny5l;/\T~B6w0S3s0k=;g@,S[GK?7C`=<@L)=-5{NSn/=m0x+aj&`jPMqU^Wf\i*`kTnTUCBS
                                                                                        2023-09-15 03:49:52 UTC528INData Raw: c8 33 f8 12 88 f3 b7 d9 e8 bd 2f ca 90 78 b7 de 0a 1b 3f b2 0e bf 93 44 6a 08 5e 1b f8 bc a6 13 ba 95 ae 73 66 85 a3 cd 7b ec d5 d3 21 dc 7f d3 66 af ab 13 2b e5 93 22 a8 b2 e3 4b 71 ef b9 ce 60 6c 7e f8 bc 2c 6f 43 ed 99 23 12 08 da 6c 6f 08 2a ac 12 de 86 cf aa fa aa e3 ac d8 2a cf 87 61 7d 05 13 65 65 87 55 18 db 58 24 34 d5 91 28 ee cf 2c e8 50 8e 2d 11 0d 9c 55 04 53 bf 98 b8 ef 59 6d 17 5e bf 5b fb 5b 57 6d e0 87 fd 7d 4a 50 6f 14 61 ba ac 6c a5 a3 be 8f 7b 31 e7 6d 15 50 91 86 20 98 54 88 c4 74 8d 37 e5 3d bd 90 9e a4 c2 e2 0f 65 95 ce 13 bb c2 49 7b 31 cc 6c 93 c9 be c5 4f f9 bd ab 82 be 90 fe 15 d0 2e 69 13 33 7b 31 48 7b ee 87 61 d9 6e 69 98 48 55 39 83 b8 2d 3c 30 04 d5 e4 85 bb 2f 3c 82 bb 2d 3c 22 d1 be 4f 79 b8 eb 87 7d 98 8b e2 55 3a 95 9f
                                                                                        Data Ascii: 3/x?Dj^sf{!f+"Kq`l~,oC#lo**a}eeUX$4(,P-USYm^[[Wm}JPoal{1mP Tt7=eI{1lO.i3{1H{aniHU9-<0/<-<"Oy}U:
                                                                                        2023-09-15 03:49:52 UTC544INData Raw: 35 61 23 96 79 8a 99 18 4c d6 01 e2 b3 ad 6a ed b4 12 07 06 ba 5d 68 4c d1 78 6e 83 b3 b2 05 be 7d bc 90 d5 b9 0f 55 93 98 aa 47 92 b2 b8 5f 28 84 6c 5f 98 4a 30 63 2b 38 96 98 f8 bf 30 cb 37 4b 86 33 2f 89 4d 54 03 91 9c 53 ae eb b9 16 30 e8 b9 cd 13 60 f9 ea c3 84 38 93 bf c4 65 ce b0 f8 99 7f 42 85 bc 5f 31 b1 4d 72 27 b8 3d c0 3b b7 38 56 cc 70 99 91 33 47 99 90 37 4b 99 bb ec 9c 4e 6c 55 b0 ac 2e 12 bb 3e 83 1b e9 82 86 46 3c 82 47 e3 9d 3f 8c ab d4 1d 29 d3 1c be a6 21 b8 6f 39 93 36 a5 af 2c 61 8d 49 23 31 1d 6c d3 87 a9 99 1d 09 26 6e 23 9f 85 6e 9e fa 41 5c da a8 38 af 6f c6 6d 7e 3f 33 40 6f 38 43 30 2c 17 33 63 e2 1b ed b1 e6 83 bd 96 b2 f8 b2 be 9c 51 88 ae 47 10 40 64 6b 0c 98 3e ae 17 60 b2 bf 13 8c 3e eb d4 44 79 1e d1 a8 86 a0 73 9b bd 4f
                                                                                        Data Ascii: 5a#yLj]hLxn}UG_(l_J0c+807K3/MTS0`8eB_1Mr'=;8Vp3G7KNlU.>F<G?)!o96,aI#1l&n#nA\8om~?3@o8C0,3cQG@dk>`>DysO
                                                                                        2023-09-15 03:49:52 UTC560INData Raw: 39 e7 33 11 78 af b7 63 3b f8 b7 1b 38 f4 2e 5e f9 db af 26 f9 bf 8b d3 97 b5 6e 11 7b f4 33 03 b9 bc 72 90 7a b5 54 5e 54 34 7f 46 48 c1 fb 93 88 3e 12 3b 78 bc 11 40 65 b9 a7 91 90 79 0d 13 e4 75 97 98 fd b5 b6 17 f8 35 e4 d2 93 f8 73 d2 dc 60 43 17 6f bf 41 d3 a6 77 2f 9a 61 7c 2b cb 72 fc 65 cf bc 7b af 03 65 9d 73 dd 64 7c b2 93 8c 63 ad 03 61 74 b2 0f b8 d9 a7 f8 be bd b2 c9 65 65 b2 ca 3b d0 6f df b9 b2 ea 92 44 42 90 13 65 65 5c d3 35 d8 db 4c b8 e3 34 98 f5 41 5c de 50 bd a7 30 b8 bd e4 f6 e5 7f 6f 3b b8 71 a3 46 33 51 ec 13 54 ed ce 43 b0 b7 7f 20 b8 78 e6 56 44 36 2a 1f eb bd e4 4e 90 eb e4 66 a8 ea 7f 9e a4 60 67 53 ee ee ae fb b8 be 05 13 ee 34 2a 1f 50 3f cb 52 b6 f8 7b 98 c5 a5 af 17 98 34 2a 07 bb 7d 2e 13 3b 79 6f 1f 3d 42 e2 67 be b5 1b
                                                                                        Data Ascii: 93xc;8.^&n{3rzT^T4FH>;x@eyu5s`CoAw/a|+re{esd|catee;oDBee\5L4A\P0o;qF3QTC xVD6*Nf`gS4*P?R{4*}.;yo=Bg
                                                                                        2023-09-15 03:49:52 UTC576INData Raw: ab c7 44 f7 ab 90 8f 00 09 bd 18 9f 38 a1 1f e3 d9 cf 06 60 71 78 d0 17 9f c4 9a 3f 47 a2 70 89 ba 50 40 ac b6 04 61 7c b6 69 57 60 bb 8c 0f 9c cc d2 08 43 cb 1c 2c 5c cc a1 1c 66 1c b7 c9 04 ed 09 0b 76 d6 c4 9f 5c 89 f9 78 10 0b af dd 54 2d 3f 6f 45 78 cd d5 62 37 9d 1f 9c 87 f5 3c 77 58 d4 09 75 dd cf 2e b6 aa b5 ac 1a b8 fe 39 4c ec f5 3d 56 eb bd 27 4c fa f4 21 52 ea e4 ac b1 b2 f0 6e 4c f1 f3 39 33 b7 a9 21 ec 59 ff 7c 17 44 cb d0 15 0e bb 86 67 6f a6 ae 59 67 0c 1b 3b b7 7c 0a 91 b1 a8 09 64 f8 f4 0c 43 a7 db 23 a1 e1 03 b8 e0 14 d2 52 13 b8 fe 8c e3 26 90 55 33 da c4 2d 0f 8d a6 9a 0b e9 ce be e2 87 bc df 13 ba 8d 6f 10 45 8d 6f 17 cc bd 9e 13 c9 bc 6e 13 47 bc 98 12 39 8c 76 72 c8 cd 1d 7c c0 8e 76 d1 f1 bf 5d 70 cd cf 19 83 a8 0f 65 6d cd 7e 46
                                                                                        Data Ascii: D8`qx?GpP@a|iW`C,\fv\xT-?oExb7<wXu.9L=V'L!RnL93!Y|DgoYg;|dC#R&U3-oEonG9vr|v]pem~F
                                                                                        2023-09-15 03:49:52 UTC592INData Raw: 88 bd 93 52 88 bd 7f ba b1 bd 4f 23 b8 87 3a 23 b8 ff 5f 13 ea 8d 6f 4f 88 bd 05 46 88 bd 1d 23 b8 c1 5f 13 30 8d 6f 8b e1 8d 6f 1f 12 0d 6d 23 b8 97 5f 13 8a e8 5f 13 84 8d 6f 57 88 bd 3b 23 b8 db 3a 23 b8 d3 5f 13 3c 8d 6f 8b 88 bd c1 46 88 bd d7 23 b8 77 5f 13 6a 8d 6f cf dd 8d 6f ff 88 bd 6d b8 08 b7 5f 13 ae e8 5f 13 98 8d 6f 3f 88 b5 59 63 b8 fb 3a 23 b8 ef 5f 13 de 8d 6f 61 88 bd e9 46 88 bd f9 23 b8 11 5f 13 06 8d 6f df 2d 8d 6f f5 88 bd 99 23 b8 b5 c3 e3 b7 e8 5f 13 90 8d 6f 29 88 bd 23 23 b8 e1 3a 23 b8 d5 5f 13 c0 8d 6f 9b 88 bd f9 46 88 bd cd 23 b8 0d 5f 13 78 8d 6f df ed 8d 6f c9 88 bd 85 23 b8 41 5f 13 be e8 5f 00 aa 8d 6f 0f 88 bd 47 23 b8 8d 6f be 27 07 ef 1a b8 ff c2 1a b8 ed 6f 23 12 e5 6f 23 d0 bd 5f 65 b8 a5 e7 13 a0 97 f5 13 a0 19 6f
                                                                                        Data Ascii: RO#:#_oOF#_0oom#__oW;#:#_<oF#w_joom__o?Yc:#_oaF#_o-o#_o)##:#_oF#_xoo#A__oG#o'o#o#_eo
                                                                                        2023-09-15 03:49:52 UTC608INData Raw: 8d c1 58 92 8f 3b 58 17 84 89 53 6d 84 74 53 0a 85 14 52 13 b8 bd 9f 13 b8 9d 6f 13 b8 98 5c 26 8b 34 5c c0 8b a9 5b 5e 8c 4d 5b 14 8e 74 58 46 81 e2 56 79 81 bd 6f 12 b8 ad 6f 13 b8 71 56 c7 81 61 56 13 b8 bd 7f 12 b8 e5 6f 13 b8 94 5c d5 8d 76 5a c3 8d d7 59 7c 8e c9 59 1e 8f a9 58 31 8f 8b 58 2e 8f e8 58 49 8f e2 58 60 8f c5 58 6e 8f 21 58 d6 8f 4d 58 e6 8f 47 58 64 80 c2 57 82 80 24 57 2d 82 fe 55 5b 82 1e 55 a0 82 ae 54 48 87 dd 50 76 87 6d 50 c6 87 67 50 13 b8 bd 4f 12 b8 f1 6f 13 b8 95 5f 3e 88 8f 5f b1 88 1a 5f bf 88 ea 5e 4f 89 dc 5e bf 8c 0c 5b a5 8c 79 5b da 8c 73 5b cf 8c 5c 5b f5 8c 4c 5b e5 8c 46 5b 15 8d b6 5a 03 8d db 5a 6a 8d 3d 5a aa 8d 0d 56 a4 81 00 56 2e 82 db 55 13 b8 bd 5f 12 b8 a1 6f 13 b8 48 58 ef 8f 38 57 98 80 63 57 18 85 ac 52
                                                                                        Data Ascii: X;XSmtSRo\&4\[^M[tXFVyooqVaVo\vZY|YX1X.XIX`Xn!XMXGXdW$W-U[UTHPvmPgPOo_>__^O^[y[s[\[L[F[ZZj=ZVV.U_oHX8WcWR
                                                                                        2023-09-15 03:49:52 UTC624INData Raw: f9 9a 68 57 db bb b3 17 f9 55 9d 32 65 e7 8f ce fc bd a8 eb 64 fc 9f ce e2 55 42 e1 99 91 99 32 b9 dd 43 e0 99 7e 44 0d 68 bc 62 63 8c bd 62 b3 d0 57 6e ce 60 e1 67 eb 4a 9c 4e 71 98 4d 4e f2 d9 44 ff 06 3d 6d 99 32 3e a3 90 9e 47 30 9a 9e fa f9 90 9e 74 3e 83 1b e9 dd 47 52 18 e2 3a 45 ef c8 22 13 a3 85 8f 96 47 b2 eb 79 f9 a1 0f 0a 38 a1 62 12 0c 99 fe 17 4a d2 d9 02 b7 0b 63 0b bb ed 68 c3 78 95 44 c0 32 bb fd 12 7b dd ad 9b ae be 9a 96 a0 42 1a cc 21 7d ed d1 b7 39 71 4c 09 b9 ee ab c9 b2 cf 07 58 a3 57 01 e6 4b 6a 22 31 1f ae 36 45 96 95 98 61 bd 44 c9 35 ff 6e 98 6d 96 72 b3 a9 34 4f 46 98 e3 6e 72 ac 56 7c 2f 53 b4 bb 9f 48 ff ef 12 b9 15 60 a5 b8 a1 68 1c 0e a9 65 1c 0e bd 57 38 43 b2 d9 4b 47 96 3f c9 b7 0b fc a2 b0 35 6f 19 2f a8 3d df c4 ed a3
                                                                                        Data Ascii: hWU2edUB2C~DhbcbWn`gJNqMND=m2>G0t>GR:E"Gy8bJchxD2{B!}9qLXWKj"16EaD5nmr4OFnrV|/SH`heW8CKG?5o/=
                                                                                        2023-09-15 03:49:52 UTC640INData Raw: f9 41 6f 3a 78 b5 60 9f 4f 9d 33 9e f3 b1 44 11 67 3c f2 98 66 96 b0 9e ff ef 6b 93 23 c0 67 f3 b9 f1 ef 50 e8 9d e4 4b 44 38 b4 93 b9 8d 60 3f 3c 4c 4f 57 fa 27 ab 13 b9 36 17 1b bc 38 90 13 bc ad 60 97 0d 38 ad 12 b0 7f 6e 0b b7 39 c9 d3 b9 19 b4 13 58 99 5f cb b9 9a 77 d3 20 ab 7f 37 2e 1b fa 03 1e 28 5f c8 f9 15 9b cd 72 7f fa 0b 98 97 77 b1 d0 3c 6f 5f 63 b9 68 c9 f0 41 ef 98 ba ad 47 10 9c 66 2e ef 62 f5 65 1b 18 bf 5f bb ba 95 b4 53 bc e9 b5 1a 3c bf 5f 93 ba 8d cd 71 c4 ae 6f 1a 39 a5 53 85 f8 bc 4b 9a 84 3f 6c d3 b8 95 e6 6f 2e b5 8f 13 b0 91 86 c4 18 a9 ea c8 cc 9d 3c d3 b7 1d 55 c9 cc 37 68 2f f8 b9 53 86 18 a4 5f 51 db 8d 2e 70 33 85 8c 08 ee c9 ca 00 1b bb 77 fb a8 fd 4f 10 f8 1c 4f 52 47 36 37 17 da 9b 7f d2 b3 6b 93 10 bd 74 77 57 58 af 2b
                                                                                        Data Ascii: Ao:x`O3Dg<fk#gPKD8`?<LOW'68`8n9X_w 7.(_rw<o_chAGf.be_S<_qo9SK?lo.<U7h/S_Q.p3wOORG67ktwWX+
                                                                                        2023-09-15 03:49:52 UTC656INData Raw: ae 5c 7d 73 a5 7e 6f 40 ed d7 1f 79 b8 eb 87 03 6d ae 65 13 f8 a1 5f 9e fd 28 0f 08 b4 9d 61 a8 ba b3 69 63 b9 fb 4f e8 cf b3 e4 2f 9a b3 e4 0f a9 5f 62 fb 6e 39 4d 0c 9d d5 72 54 9e b1 4d 0c 9a b1 90 fb ff 9e 63 4e b8 e6 30 20 78 e3 ac 79 bc bd 38 98 85 99 7e 18 a8 30 6f 55 ac ed 90 c4 d2 b9 e2 53 f6 a5 3c 42 47 6a 2f 6f 88 fc 4f ba 3d 42 60 9f f1 bc c2 4f 38 99 73 96 63 b2 e3 2e d9 bc 6e 72 d1 45 6e 67 91 3e 97 1b b8 c9 4b 2e b0 bd 6f 93 cc bd 72 90 40 ad 1b 0b 85 ad 7e 72 b9 ac 52 33 79 bd 65 90 40 bd 4f 67 bd 3e 97 53 cd b9 3b 96 55 1d 7e 3a 1e ac 1f f5 a5 52 73 fb 01 3d 7a b4 a9 1d 73 3b 3b 40 ee 53 b3 38 82 67 9d d5 44 35 be 9f 33 35 be 51 87 94 93 bb 3b 37 b8 91 ec e9 bc c9 45 90 42 97 67 53 be 93 29 15 f4 fb 69 f8 50 bf 3b 58 be f3 5f 96 71 34 11
                                                                                        Data Ascii: \}s~o@yme_(aicO/_bn9MrTMcN0 xy8~0oUS<BGj/oO=B`O8sc.nrEng>K.or@~rR3ye@Og>S;U~:Rs=zs;;@S8gD535Q;7EBgS)iP;X_q4
                                                                                        2023-09-15 03:49:52 UTC672INData Raw: 44 51 63 57 b6 b5 6e ca ba 53 63 11 61 ff 6b 12 96 b0 6c 90 79 b9 ec d1 a8 9d 54 d8 b7 31 4f 53 e4 86 a2 57 c5 82 ae 2f 61 b9 e5 fe 81 8c ef 90 79 bc 54 de c4 7c 2f 4f f9 bc 05 0b bb c9 4b 37 38 e0 43 d6 b8 d4 c9 15 d1 e4 ad 0f 32 d5 a3 74 bc 3f 6d d3 df 36 33 37 ac e8 67 10 78 eb a6 75 bf 30 cb 37 83 7c 30 93 d6 95 a6 7b 79 9d 2f 61 a0 3e 6f d6 45 3e a9 1b 33 42 b6 5d fe 68 08 14 e5 55 0c ca fe fe 5c 54 a3 fc 33 f8 bd b1 5c 45 99 a0 64 ca be a2 f0 1f 31 b1 ac 21 27 b1 e7 1f fc b6 6e cf 61 fb 6e 64 67 b1 a9 1f b4 62 63 dc b4 0d 6d ca fe ad b0 1f 71 b1 7b cc b4 be a0 1f 5a f1 a9 33 83 70 60 9f 96 e5 cf 52 59 85 0f 5e ce dc 58 ca bc db a1 0c a8 b5 7f 57 76 42 46 9c 8e a4 6e d2 eb f1 4b 3b c4 31 84 17 0b 1c 61 d3 eb ad 6c b3 2d ff 3b 9a b8 bf 5f 1c 3d 22 92
                                                                                        Data Ascii: DQcWnScaklyT1OSW/ayT|/OK78C2t?m637gxu07|0{y/a>oE>3B]hU\T3\Ed1!'nandgbcmq{Z3p`RY^XWvBFnK;1al-;_="
                                                                                        2023-09-15 03:49:52 UTC688INData Raw: 61 8d 54 17 3a 34 bf 64 99 be 84 33 b0 30 0b 37 b8 7d 7f 27 33 bd 2b 18 bc 96 28 17 3b 7c 6f 23 21 36 b7 98 be 96 68 03 8b 67 44 c9 ba ac e6 52 68 bd e6 4a 6c 36 29 1f 93 fa 67 1f 3b 7b 8d 12 fe 65 44 54 ba b5 67 11 60 34 36 cf 33 fb 7f f7 93 fa 7b c1 b9 5d 44 54 ba ad b7 12 58 34 36 f7 33 fb 7f ff 93 fa 73 c1 b9 55 44 54 ba a5 b7 12 50 34 36 ff 33 fb 7f e7 93 fa 4b c1 b9 4d 44 54 ba 9d b7 12 48 34 36 e7 33 fb 7f ef 93 fa 43 c1 b9 45 44 54 ba 95 b7 12 40 34 36 ef 3b 50 62 c3 a5 87 9f 95 e8 ac 4f 90 78 b1 6b 96 78 3c 62 6d 99 96 98 98 b8 62 44 dc 33 55 e2 5a b8 bd e4 17 a6 96 6c 90 7b b9 6c 41 bb 4d 6d 9a fc a4 93 66 52 76 7e 0b b8 af 7b af 3f 22 91 4d a3 4a 75 b9 ac 4b 75 3f 48 a7 68 00 ee 95 90 09 2e fd 9f 09 b9 ab 73 e3 a2 9d ff e3 ef ff 5b e3 a2 81 6e
                                                                                        Data Ascii: aT:4d307}'3+(;|o#!6hgDRhJl6)g;{eDTg`463{]DTX463sUDTP463KMDTH463CEDT@46;PbOxkx<bmbD3UZl{lAMmfRv~{?"MJuKu?Hh.s[n
                                                                                        2023-09-15 03:49:52 UTC704INData Raw: d0 42 1b 0f 48 ad af e5 a8 bd 7e 92 38 7c 6f 93 47 42 e4 d2 68 37 65 23 68 9a 43 82 bb 61 2a 33 de bd e6 57 cc f5 ec d5 b9 3c 79 ed c9 bb 0e 16 31 7d 6e 6f 1f 30 5f 57 9c f5 3f 53 b0 8d 6f 0b e8 bd e2 17 87 ed 3c 42 ea 55 1f 1d f5 bf 6f 56 ab 8c 62 53 ab e6 bd 9e f6 16 6f 32 5e 14 65 5c 13 ed 6e 5d 4c f2 c4 52 9f f2 c4 37 80 7f 75 97 3c ec 78 01 8b 91 e2 1f 87 7d 7d 39 fc 96 c4 30 59 89 13 f3 ea 7a 6b 53 33 42 60 a5 b4 bf ef 8a 80 fd 60 bc 76 30 e3 0a 6a 1f d9 53 e4 bf 6e 1c 17 63 9f 10 80 08 8d b1 8b 5f cd 8a 09 af 8e b1 7b 5f 7d 1b a0 8e b4 b2 1a 7e ec f8 b9 a9 ee f0 5a af ac f1 aa 76 09 9a 68 f2 93 9e 36 3f 7a d2 2c bf d6 b1 bd 3a 7a e2 d9 ba 09 9a cf 43 60 a3 0e f1 6d 11 69 b7 54 1b bb 82 67 64 87 b5 50 1b 8b b5 60 3c b0 92 67 33 b0 f0 c1 0b a8 b5 ad
                                                                                        Data Ascii: BH~8|oGBh7e#hCa*3W<y1}no0_W?So<BUoVbSo2^e\n]LR7u<x}}90YzkS3B``v0jSnc_{_}~Zvh6?z,:zC`miTgdP`<g3
                                                                                        2023-09-15 03:49:52 UTC720INData Raw: 90 ad 3c 03 b5 bf 7f b0 10 34 8f 13 1b 11 2f 13 00 8d 61 f3 b8 f7 df f2 b8 09 8e 13 08 b2 8f 13 00 f8 8e 13 04 fd 6f d4 bd 7d 3f 13 a8 a1 7e 11 28 bd ae 15 5a e8 e3 37 58 ac 0e 13 3c 99 b3 72 b8 29 4b f7 93 dd 6f 13 df 95 7f 12 50 1c 6f 5f 9c bd 43 44 35 f1 4b 3b 31 e9 ef 37 8c ec e2 87 9c 7d 9c 12 be 81 9f 12 39 be 3d 43 50 25 8a 92 79 cd 7f 98 50 55 d1 62 2a 35 37 34 d0 6d cf 16 bb eb 3f c2 f1 29 2e 23 83 d7 90 fb 97 cf cc 5a e5 b9 ee d7 e9 b2 ac 98 fd bd 39 23 33 4d ee f5 39 d5 7f 9e 98 7c 6f ed bb 3e 89 2c 3b 7b 6e bb 3b 43 6e e3 b8 99 0f 15 a0 6d 35 9d 63 7b 6b b1 f6 7f 6b e2 50 5f df 15 ad 7d 6b 4d 6e b9 3c 43 b2 ed e2 4f 39 cd 7c 5f 9c a5 ec f8 bc 4f 58 43 33 f9 d3 23 e9 c7 f2 d2 b5 e9 2c 63 b9 0d 59 12 d2 bd 05 63 b3 3e 6b d0 bc 6d 7b 23 50 64 8b
                                                                                        Data Ascii: <4/ao}?~(Z7X<r)KoPo_CD5K;17}9=CP%yPUb*574m?).#Z9#3M9|o>,;{n;Cnm5c{kkP_}kMn<CO9|_OXC3#,cYc>km{#Pd
                                                                                        2023-09-15 03:49:52 UTC736INData Raw: 40 96 95 a3 ba bf bf c2 b9 ff 67 38 3c 99 8f 12 28 bd bc ec bb 45 84 29 93 6d ad 8a 4f 43 da 12 40 6a 6e a3 b9 26 50 1a 8b b4 3c 20 b1 69 55 90 76 7c 68 bd da 7d 68 f2 8b 79 68 38 7f ba 4f 13 bd 3a 5e 2a 88 bb de 29 6b 45 e4 e3 eb bb 8e 32 d0 be 9f f8 fe c9 6b 77 ba 6e 67 5c ea 80 14 11 67 b5 bc 1b 7d ac 7c 01 4e a9 e4 d5 a8 af e3 00 aa fc 77 38 b8 65 44 d4 83 65 e6 8f 9c bf eb f3 bb c3 6d 98 60 38 b4 1b b7 33 71 f2 8e 6e 05 12 4f b3 b5 06 df bc 7c 03 df d5 9c b6 ea 8a af 61 19 c0 9a 4c 9c 4d 30 e2 b8 ed 9c 63 1d 55 0e f8 e8 8e ff 51 98 b9 b4 06 fb f1 17 e3 f4 01 6e 54 e4 99 77 a8 4c dc 0c 26 95 5d 63 12 cc 9d 46 63 69 8e 5b 38 70 cd 48 07 49 df c4 50 d4 99 25 07 49 88 2b 40 ba be ad 71 d6 cd 5b 61 9b ad 6e 7f 29 e1 5f 1a 33 c2 b6 b3 94 c4 63 53 e5 5d 48
                                                                                        Data Ascii: @g8<(E)mOC@jn&P< iUv|h}hyh8O:^*)kE2kwng\g}|Nw8eDem`83qnO|aLM0cUQnTwL&]cFci[8pHIP%I+@q[an)_3cS]H
                                                                                        2023-09-15 03:49:52 UTC752INData Raw: 45 23 41 e9 46 28 c2 ec 3c 10 ae b8 bd 16 ad 23 39 13 00 b7 14 bd c5 d4 95 bd f4 0f b8 f7 90 be 9c 3f 4b 9a 14 c9 6c 5f 9c 91 a8 07 b5 bd 48 67 b9 dd ef b3 bb e9 4b 33 2f 7c c2 53 b9 de 39 7d d0 eb 56 57 d8 a8 6f 9d e8 bc 6f 13 79 44 7f 13 b9 f1 4b 07 3d 66 60 9f fc 21 6d 53 ee d1 4b 0f 18 ba 4f 12 39 e7 ff 20 71 36 97 d2 47 b5 7f 90 57 bd 78 e9 bb c1 4b 3b ac 3e 92 d3 ed 7c af 45 75 bf 76 13 dc 9e a2 b2 ee 9f 37 d2 40 b6 4f 90 58 a2 e4 f8 b8 be 6c d3 ec be af 52 e1 68 2f 4a d4 fd 36 9b 99 3e 39 de b7 0b ba 73 a9 99 60 e7 0e aa cc 34 f4 bd 1f f7 9f bd 4a 53 bb 87 13 96 98 99 8f 0a d9 93 6d 32 30 aa 83 98 30 9c 26 d3 b7 9d d0 1b 00 b5 ef 09 b1 5e 54 db 33 7d 76 d6 bb 47 60 b3 0e 51 60 a5 bf 7d 67 db 58 b7 82 97 b0 75 0e 91 b8 29 ae d7 ba 7c 4e 56 bb 74 e9
                                                                                        Data Ascii: E#AF(<#9?Kl_HgK3/|S9}VWooyDK=f`!mSKO9 q6GWxK;>|Euv7@OXlRh/J6>9s`4JSm200&^T3}vG`Q`}gXu)|NVt
                                                                                        2023-09-15 03:49:52 UTC768INData Raw: 9e 8c 3f 78 f9 bc 2b 24 28 94 5e cf aa 99 dd 12 60 70 be 11 9e 65 a1 5e f8 ae a9 f3 dd 7d 3e ce e4 bd 6d 16 b8 d5 0e 18 a8 61 a1 ca 74 e9 b1 f5 88 bd a4 13 ac 5f ef 5d 7c a1 b2 0d a8 bf 4f 3f 09 dd 47 cd 53 b4 5f 06 a4 ab 3e 38 b6 b2 e1 09 bd bc 55 5f 28 88 2a 33 33 6c ae 5f 5a b8 1e 29 58 f0 6c c3 6a 87 a7 2b 35 f9 58 c2 82 ff 0f 73 fa 30 29 b2 b9 27 23 ce b8 02 ad 1a b1 2d 21 6a c9 93 23 14 ea a3 be 24 28 ce 3e 0d a0 d1 b3 1a cd 85 9d 13 90 7d 0d 86 b9 f7 ac 02 94 d8 6e 59 b0 60 6d e2 ec 8c 6b 06 2a dc ae 55 c1 71 7e 4a 60 70 b6 61 72 5c 1d cb 74 ef 30 81 c1 cf c0 d2 dd ad 4b 23 a9 99 23 12 98 ad 1e 30 98 12 5d 4e b8 cb ad 1a 0e ad a5 a1 a8 74 0f 1c 41 5c 33 4b 48 7f 13 63 e1 0c 67 51 c7 0e 6f e9 90 68 35 0c e9 24 ef 0a a9 b8 df 05 d8 0d 4a 11 9f bc 0f
                                                                                        Data Ascii: ?x+$(^`pe^}>mat_]|O?GS_>8U_(*33l_Z)Xlj+5Xs0)'#-!j#$(>}nY`mk*Uq~J`par\t0K##0]NtA\3KHcgQoh5$J
                                                                                        2023-09-15 03:49:52 UTC784INData Raw: 35 89 57 9a fd bd 8f 9a cd 45 e6 5e 6c 7a 2b 56 54 bc 28 1c 34 11 6e 68 b5 3d 8b d9 b5 ad 60 97 18 3d 6a 13 3b c0 ab 16 33 f8 9b 9a b8 f0 af 66 fe 86 ae 67 b7 ad 3f ec ad 55 6f 1d 3d 7d 60 17 34 e0 6f 27 d2 bd 05 1b eb 05 e2 56 4c bd 64 92 a1 bc 64 75 39 82 6f 46 4c 30 22 d3 e9 ef 90 17 ad 51 ed 19 c5 f7 07 96 b2 0d 6f 13 51 92 ef 1e 3c 9f 93 17 af 17 51 98 9a 45 6b 18 96 37 4d 13 38 6c 2a 92 b2 a2 ef 19 bb c8 af 12 f0 f8 6d c7 38 e1 84 7f 33 f8 8b 9e b8 f5 6b 1c 17 76 6c db b9 bd 22 eb 35 08 9b ed 47 42 4f 98 73 55 be 96 38 bc 9f 98 ba 38 ee 10 8b 6f 54 97 0d 4d 7e 13 ba 34 1a db f8 c0 ec ed b9 bd e6 46 54 c3 64 bb b9 c8 6b 14 00 bc 52 f8 ba 8e af 98 ba 39 ed 19 10 bc e4 66 40 c9 2d 1d b8 2d 11 1a 3b 7d 2f 5f fd bd 8b 10 48 3e 12 ff b8 c8 6f 10 bb c8 8f
                                                                                        Data Ascii: 5WE^lz+VT(4nh=`=j;3fg?Uo=}`4o'VLddu9oFL0"QoQ<QEk7M8l*m83kvl"5GBOsU88oTM~4FTdkR9f@--;}/_H>o
                                                                                        2023-09-15 03:49:52 UTC800INData Raw: 98 56 67 9e 1c 99 6f 09 b8 2d 6b 90 14 bf 4b 12 8b 7d ea ec 99 bd 76 03 b7 33 94 13 ae 30 5b 11 aa b9 4f 98 c4 99 4b 10 40 af 56 10 e0 c2 68 17 d9 38 bd 9a f8 c1 4b 0f b7 33 c8 12 99 62 6f 38 66 34 33 37 a0 30 1b 12 3a e8 4f 2a e4 99 7f 6c f7 bc ef 08 a8 be a0 10 42 30 13 13 c5 bd 60 a5 a4 ac 60 a4 3c a1 31 93 aa 95 60 a5 a1 bc 6a 93 de 34 33 56 b8 b2 d8 13 b0 bd 09 9a a7 30 73 01 bb 7e 4f 10 73 30 73 86 39 85 6c e8 7a 36 ef 35 83 7e 11 db bc e4 6f 36 38 a1 54 d4 c5 a1 84 10 38 c2 7e 93 9d b5 09 98 bc 9d 6c d1 83 95 a8 6f 55 bc 78 98 b8 e0 ec d2 18 bc ee d5 b8 bf 6f 6f 7d bc e7 1b 98 bc e6 90 a7 b2 ea 7a 47 b9 90 ec b8 d4 6c d4 93 77 44 dd 56 39 bf 17 b6 3f 16 9f ae bd 7f 17 d5 f3 6c 10 77 34 a4 95 9b 72 91 13 ab 31 6b 37 94 bd 69 4c e6 e0 34 20 b8 71 5c
                                                                                        Data Ascii: Vgo-kK}v30[OK@Vh8K3bo8f4370:O*lB0``<1`j43V0s~Os0s9lz65~o68T8~loUxoo}zGlwDV9?lw4r1k7iL4 q\
                                                                                        2023-09-15 03:49:52 UTC816INData Raw: 83 e8 77 9a cd b5 13 9c e1 85 65 4e a8 9f c5 42 b1 0f 8e 3c e4 1d 4b 0f 28 36 12 e3 b0 aa 6b 29 c8 b2 d9 44 b9 3e 76 f6 b8 bc 41 53 b3 59 6f e3 b4 7d 9e 0e c6 d9 e2 62 30 ad b2 55 19 8d 2f ce fe 1c 5f f9 80 6d 3c 15 9c 8c 29 c2 f5 5c 52 72 85 10 2e 92 9c b2 64 14 b3 e0 6f 18 a2 bf 64 53 98 86 3a 37 c4 14 b7 19 fd ed 7f 90 7f be 8d 22 31 8d 65 96 2a ee 6e 09 ed b1 cf 5d 33 e8 6f 5c c2 ad 2c 21 a6 3d 1a 59 8a 49 21 93 74 e8 6e 33 e4 89 3c 98 79 4a b7 45 b0 30 6b 91 da e1 be 1c 17 6a cb 3a ed 4f 5a 9a fd 9d 5d f9 9b b5 3c 32 8a 7d ce 9d 7d 2e c8 07 8a fc 7f ae fe ad 3f 22 a9 88 23 f3 b8 8c 7e 0b 5f bd e1 10 49 b3 48 01 09 e3 5f 6d d0 2c 58 e3 79 ad b2 52 e9 af cf 6e e9 af 6e 84 ee bc 9e 50 39 6c 67 f7 aa fc 6e 54 80 a0 eb 3e a8 b2 42 3f fc 0f 7d d2 90 86 57
                                                                                        Data Ascii: weNB<K(6k)D>vASYo}b0U/_m<)\Rr.dodS:7"1e*n]3o\,!=YI!tn3<yJE0kj:OZ]<2}}.?"#~_IH_m,XyRnnP9lgnT>B?}W
                                                                                        2023-09-15 03:49:52 UTC832INData Raw: 85 60 9f 09 8b 7d 36 81 a3 46 2e f6 a2 5c 2e a9 98 5d 75 68 59 a7 ca 52 b2 a6 47 10 a3 97 77 13 a3 9d 6f 08 90 7d 75 23 b9 f9 e2 6d 79 a7 90 6f cb 7d 7d 07 39 8d 6a 0f 35 ce 63 38 61 b9 2d 33 e9 b9 e2 56 a8 79 2e ca fa b8 4f 75 a8 3c 5d d5 a8 64 29 f7 49 3e 52 cf d8 6d 7f 08 e8 ac 4f 22 e8 ac a8 97 89 5d 7f 13 88 64 29 ff dc 8d 8f 06 21 1d 40 ca fe 4d 6e 37 85 c8 de e3 b0 15 43 98 7e 3e 75 68 0a ba 1b a3 bf 39 3b 9d c8 81 e4 1f 93 63 8e 12 1f df 52 33 85 7c 53 57 75 cd 67 a2 8f b5 bf d4 a8 64 28 21 b0 53 5c 1b 0b a4 be 4c b0 5d b6 54 e4 b5 28 46 b0 8e 67 23 83 73 12 3a 69 9d cf 07 ac 30 ef 17 37 96 b8 ca bc ad bd 25 ba 70 4f 32 bc 86 a1 ca f8 41 c4 a2 b8 0f 72 f7 48 ac 77 93 ba 9d 4f 09 e4 a9 6e b3 8a 5d 75 b2 a2 8d cf 09 17 7e ca 09 a8 8c b2 0b 8b 7d 57
                                                                                        Data Ascii: `}6F.\.]uhYRGwo}u#myo}}9j5c8a-3Vy.Ou<]d)I>RmO"]d)!@Mn7C~>uh9;cR3|SWugd(!S\L]T(Fg#s:i07%pO2ArHwOn]u~}W
                                                                                        2023-09-15 03:49:52 UTC848INData Raw: 3d 3a 3f 0a 00 bc c0 62 00 8d 64 c3 12 dd 4e eb 5a 0a ee 21 62 3f 4b b3 2e 86 bc 1c 35 27 bf 03 a8 b2 c0 c2 bb 4d 7d 0b 35 a9 dd 83 68 f6 60 bc 88 b9 ae 00 50 ad 8f 3b 35 b9 2d 91 6f 5d 0f 88 b7 0a ef 01 b9 c8 9f 9a ed 49 ef df 94 bc 12 32 bf df d7 cb 28 04 b7 ca 38 e1 ed ef c4 66 86 5a fd ab 55 e6 2a 93 b7 23 2b 2f 7e 93 58 09 e2 13 a4 f4 e2 0f 20 34 32 ab 58 30 73 db bb 7a cd 07 e8 1f df 16 ba 59 0d 04 b4 30 73 4b bb e0 2d 1f 59 e6 73 4b 31 e0 df 8a 5c c1 6c cd 58 aa 2d 05 88 a8 63 d8 84 a8 83 00 e8 36 50 06 e5 55 57 06 10 bc 3a 49 10 d9 6e cf 80 a8 8f cc 08 d9 6e d7 43 8a 7a 23 75 05 50 06 69 5d 4f de 18 33 1f 0d 72 51 59 06 54 8d 7a 46 58 7f cb b2 cb 43 25 e3 b6 9d 7a cc ac 62 7b cc ac 65 7b 62 a2 3d 3a 33 3b 7f 93 28 7a 0c 58 73 ed 49 60 9c 8e bd 58
                                                                                        Data Ascii: =:?bdNZ!b?K.5'M}5h`P;5-o]I2(8fZU*#+/~X 42X0szY0sK-YsK1\lX-c6PUW:InnCz#uPi]O3rQYTzFXC%zb{e{b=:3;(zXsI`X
                                                                                        2023-09-15 03:49:52 UTC864INData Raw: 5a 67 83 b2 a5 5a b5 c3 b6 ad 90 c9 ec b5 1f 7e 98 61 20 e3 bd cf 02 33 c4 d0 b3 72 50 61 20 b1 60 a8 6e cf d9 4d 28 1b 40 4f 68 2e cc d0 8f 13 b0 c0 02 53 ad 39 6d 5f 68 db 97 6a d5 bd 31 10 cd dd 56 a3 b8 75 e4 74 8f 2d 02 ff 28 ab 60 9f 2d 7f 56 91 5c bd 51 46 70 bc 3a cf 99 90 6f 56 6c bc 6c 5e 68 be 95 b3 33 e8 7b 10 6a ac 6f 12 e8 b9 44 60 a2 5d 76 5e 86 d3 87 21 d6 2d ab 02 87 d3 60 9d b4 8f 01 f7 31 f0 3f f3 3b c0 8f 21 d6 1f 7d 71 ac d9 e4 6e d9 d3 e4 db 58 af ef 7d bb b5 af 90 7f 11 01 e8 b0 30 1d 37 a8 34 7f 36 ed a9 5f 7c 35 a1 7f 41 35 a1 b7 a3 d6 7c 8d 17 4c be bf b2 fc e8 da 7d 18 98 df 7d 88 bc ea ab d6 b8 ea 7d 6c 60 29 e3 18 9a 3f 12 f5 51 b2 32 d6 60 4f 7d 68 bc 4f 7d 98 60 70 ce be bc 22 13 68 60 75 90 7e 9d b2 55 e8 55 6c c2 65 97 01
                                                                                        Data Ascii: ZgZ~a 3rPa `nM(@Oh.S9m_hj1Vut-(`-V\QFp:oVll^h3{joD`]v^!-`1?;!}qnX}0746_|5A5|L}}}l`)?Q2`O}hO}`p"h`u~UUle
                                                                                        2023-09-15 03:49:52 UTC880INData Raw: fc bd 08 6a a8 b5 2b 42 b9 fd af 98 c1 41 b7 df f8 bc e4 cd 81 bc 35 21 b0 c8 67 a5 b2 fd fb 11 59 93 9a 72 bb f9 ae 13 b0 9e 32 0e bb 5d 7e 14 bb 33 63 14 bb 62 6d c2 ba b9 b6 53 c8 8f 10 a3 ba 3f 6d 4c ba 2c 23 11 e4 5c 6d 20 d0 60 2b 56 08 6d 7e ce fd 15 8f 02 61 bf 81 c3 a9 56 6b ca 72 64 a3 13 83 4d 12 54 33 f0 5b ce b8 65 e2 17 4f 96 a1 98 8c bf 6c 63 b0 fd 6b 9a cd fd e4 87 cc be cf 09 f8 4d 76 66 fc 8d 69 53 3b 7d 67 90 51 bc 1c 04 f8 78 1e 04 fc 0b 76 d7 cd 75 6f 16 38 98 6d 5e a8 c2 6e 5e e4 63 ae ca b8 76 ec d1 a8 be b6 90 d5 b1 7f 12 78 bd 7f 0d a0 60 35 e3 f9 ad ed 49 40 b2 ea a3 18 d4 e4 13 e5 b5 6c 4e 04 36 22 d7 38 bc 22 77 3b d0 7b 12 38 8e e7 1c 3d 97 ef 12 51 4d 68 60 97 bb 85 63 b8 c2 40 9a f5 65 84 10 3b 7d 6c d1 97 34 32 47 cc 93 2f
                                                                                        Data Ascii: j+BA5!gYr2]~3cbmS?mL,#\m `+Vm~aVkrdMT3[eOlckMvfiS;}gQxvuo8m^n^cvx`5I@lN6"8"w;{8=QMh`c@e;}l42G/
                                                                                        2023-09-15 03:49:52 UTC896INData Raw: 33 ef 7f 52 93 bd e4 17 41 36 23 ea bc ef 24 32 8b 3b 6f 5f f8 91 39 40 99 bc 37 12 78 b9 3d 42 e8 42 3b 37 c0 bd ec d4 b9 86 12 1f c4 7e c3 20 78 38 7b 53 d3 df 0f 24 81 7d 7a 1b b7 33 81 53 e2 60 2b 37 c8 b5 e2 1f cb 7c 58 9a e4 99 2b 32 38 e3 0f 9e f0 bc ef 4f 41 b9 8e 73 b9 f5 60 9f 69 fc 5d b3 6d 3d 4f 03 84 30 7b d6 19 28 e2 2f ab 3d e2 17 cb be a9 10 7a bd 6c 93 d8 34 13 37 f8 be 91 d3 bb 9f 1f d1 bc c1 4b 4f b8 87 27 90 b8 7f 7f d2 57 bf e2 0f 05 24 6d 15 b4 08 ae 13 b8 b1 3b 90 3b 81 ef 13 33 e1 4b 2f 65 be cf 13 38 fd 1b 23 60 74 b2 00 5a bc 2d 08 18 bd 33 ce fa 45 6b 11 c8 bd b2 49 40 64 af cf b2 60 67 00 65 a7 8f 13 f2 b5 b2 03 d8 60 35 1b 53 a5 89 17 ba bc 1f 13 65 bf b2 08 65 ff 67 ce 18 a5 6e 5f 9c fd 0f 13 e4 dd 6f 17 c8 3e 8f 9d 98 be ae
                                                                                        Data Ascii: 3RA6#$2;o_9@7x=BB;7~ x8{S$}z3S`+7|X+28OAs`i]m=O0{(/=zl47KO'W$m;;3K/e8#`tZ-3EkI@d`ge`5Seegn_o>
                                                                                        2023-09-15 03:49:52 UTC912INData Raw: 9f 8d ed 34 89 be b9 97 a4 bd 6e 10 73 86 a8 6f 5b 38 47 fe cd ad ef b6 ac 3f 06 90 ec fd 4b 0b b8 8e bd 28 39 e0 e3 d3 fd 42 90 ec 8b 7d 6f 4d 39 0c 61 33 39 35 ee a6 38 d6 5b 1c 3d a4 66 93 b5 e2 34 93 a3 b1 31 4e a9 fc 6f 97 81 b9 4b 67 a3 3d d2 98 b8 e9 4b 23 61 55 5c d3 66 b7 9e 93 17 b9 ef bc a2 3e ab 1f 58 7f 4b 13 61 53 ee 1f 39 b4 ef 1e ef 3b 65 97 0f bd bd 0f b8 92 77 13 a9 a9 fd 43 b8 bb 7b 42 38 bb 7b 41 bf ba 6f 41 e8 42 7a 7b f7 b0 7f 14 fc d4 ae 74 38 b8 3a 44 8b 74 5c c3 47 6c 87 2a f8 9b a8 53 de 3c 55 5e 78 bc 7f d2 b9 fd 5c 12 b8 bd 38 1b 10 b2 eb c0 f9 da 6c 91 ca 9d 6e 7c 1c 36 90 d1 df 8e af 50 d0 2a 6e 5b 99 7d 49 38 68 86 85 93 df 68 44 13 52 be bf 9e e2 43 54 d0 39 3d 08 37 c7 8a e2 77 9c 7a 0c 13 b1 b2 d8 3f fe be a2 90 ba 7a e7
                                                                                        Data Ascii: 4nso[8G?K(9B}oM9a3958[=f41NoKg=K#aU\f>XKaS9;ewC{B8{AoABz{t8:Dt\Gl*S<U^x\8ln|6P*n[}I8hhDRCT9=7wz?z
                                                                                        2023-09-15 03:49:52 UTC928INData Raw: 3a 5c 51 db 81 a9 ab 2a 8a c0 e4 bd 7e fc 37 63 81 bd 55 0f e8 bc 6d 42 b9 4d 2b 1c 07 bc 1e 77 8b d8 6d 49 d9 bf 75 2b ee d8 53 12 e2 6e ea 37 b9 c8 79 b4 69 b4 fb 96 98 cd 5e 57 8b 7d 8f 28 50 b2 ea a6 89 b4 4b 23 b9 c9 38 e2 3b 1f 7f d3 bb ed 5f 12 ec 4c 57 98 e2 7c bf 13 e0 9c 5e 72 ba e1 0f 11 f0 16 be 17 f8 bc 0f 03 b1 d9 0f 27 d0 ee 53 b9 d4 8f 2c 63 f8 89 1b 63 bb 85 1e 92 ad 4d 6f 6b 19 bc 13 43 bb 81 7e 87 2f 7e 23 50 a2 ff 0b 9f 3a a7 5c d3 68 9d 92 22 ee 4b 8b 09 89 c9 cd 0a 1e a7 c8 08 1a a1 7d 28 1c a7 e3 98 7b 82 47 12 2c 9e fd 06 2c 99 60 96 eb ce dd 07 61 03 81 a5 b5 82 62 29 b5 48 63 c3 a9 a5 50 1e 2b 82 62 2c b5 bd 6f e7 b4 38 99 01 fa 17 77 0b fa f1 3f 2c 18 ae 2d 00 58 bd 29 47 b7 ff 6e 51 4f 96 6c d3 bb 36 87 af 9c 19 6e 51 a7 bf 51
                                                                                        Data Ascii: :\Q*~7cUmBM+wmIu+Sn7yi^W}(PK#8;_LW|^r'S,ccMokC~/~#P:\h"K}({G,,`ab)HcP+b,o8w?,-X)GnQOl6nQQ
                                                                                        2023-09-15 03:49:52 UTC944INData Raw: b1 3d f5 42 bc bd 6a 53 31 ed 6b 3a 38 ac 53 ce 3a 6a 63 93 6f e6 b2 9e 38 6a 7b 96 0c be 6f 90 54 ad 6e bd 19 bc 4d 9e ec 3c 93 93 bb a5 ef ae a4 e8 39 92 15 3c d1 13 b6 91 38 98 a0 45 60 bc 38 1a ef a9 98 8e bd 06 3b 7e 96 13 bb a5 af 13 84 36 87 16 3e dc 43 93 d9 d1 4b 27 b7 12 c7 fb 31 d1 e8 72 8c 3c 0e e1 b8 f2 e5 40 78 e7 43 d3 e6 50 11 03 fa e1 4d 3a fc 84 aa 6f 48 fd 76 37 bb ee 2f 71 7b e6 6b 9b 38 a9 4b 13 81 91 7f 6f 68 54 d8 10 d1 99 e4 fb 98 b2 c0 7f 9c 81 2f 73 94 16 7a 11 e7 c9 ef 58 d4 fd 56 7f 9c a1 d7 1c 35 2c 2f 1a bb dc ef 51 84 3d 3d 19 8c b9 0d 3b b8 df 39 98 70 b2 4f bc 72 30 53 98 7b c2 43 98 12 b2 2e 70 a0 fc 0c de fc de 86 92 ab 88 2d 70 f8 fb 0c 53 39 a4 ee 00 35 b1 bd 86 39 37 6c ea 32 db da 52 9d bd 42 89 8c 3c 17 12 38 c1 ed
                                                                                        Data Ascii: =BjS1k:8S:jco8j{oTnM<9<8E`8;~6>CK'1r<@xCPM:oHv7/q{k8KohT/szXV5,/Q==;9pOr0S{C.p-pS9597l2RB<8
                                                                                        2023-09-15 03:49:52 UTC960INData Raw: 3b 47 6b 1c 34 13 ee b3 a1 30 63 6c 35 b1 e1 22 14 35 e2 1f 46 7c 01 9e b4 03 0f 13 b8 99 ec d1 44 36 a2 98 7f be 6f 32 f8 92 44 dd 3b 7f 6e 98 ae 63 2b 3a 48 b6 47 f3 be ad e4 3f 60 a4 44 38 69 d0 af 13 80 7d 6f f3 b6 7b 57 11 b9 cc 41 37 61 5c be 3d 3a a0 34 d9 b9 6c c7 2f e9 ac e2 12 90 6f 77 2b 6c 63 ae d3 d2 57 1e 04 80 3c 69 e1 ab 3f fa 27 f5 8d 54 d9 c5 8e df 30 ba 9d 8f 11 88 36 ae 1c 17 7a 77 38 56 30 3f 9b c9 b1 6b 95 93 bd b6 98 b4 95 44 1b bb 7f b0 63 4c 9c 63 33 bc ed 67 f3 bb 55 4e 10 a8 24 e1 07 99 fe bd 77 a9 a0 60 96 54 9c 77 2a 39 fe 57 4d 2a fe 81 bd 47 89 3e 06 01 bd e4 5f 9c a9 3d 98 ec 99 6f 07 e8 36 2b 37 ac ec 3d 13 e8 42 7a 77 e9 b0 7f d1 a0 a1 6f df b8 bd 6f 8b b0 64 81 13 79 55 6d 90 c4 99 77 13 b8 b2 eb dc b8 bd 6f 40 33 bd 33
                                                                                        Data Ascii: ;Gk40cl5"5F|D6o2D;nc+:HG?`D8i}o{WA7a\=:4l/ow+lcW<i?'T06zw8V0?kDcLc3gUN$w`Tw*9WM*G>_=o6+7=BzwoodyUmwo@33
                                                                                        2023-09-15 03:49:52 UTC976INData Raw: e0 dc de d4 38 fc 37 7a 59 12 e6 83 fa e5 ef 52 e0 9f df 93 63 fc 37 91 08 3d 2e 4b 5a 0d ef 52 e0 ff de 75 38 fc 37 b2 09 7a ef 51 e0 9d df 9a 62 2d 2d 4b 38 fc 37 71 08 3d 2e 4b 7a 0d d9 93 99 91 fd 4b 38 9c 43 d1 e0 3d 4e 3f 21 4c 37 d4 38 9c 43 22 e0 34 ff 31 94 0b ef 32 94 ef 37 93 99 91 ed 4b 38 9c 43 7e 0a e5 ef 31 94 5c 37 93 9a 91 7f 4a 7f 1b ef 32 94 ec 37 9a 28 9f 43 93 99 91 02 61 e0 3d 4e 3f 1a e5 ef 32 94 6f 37 93 23 9c 43 11 e1 3d 4e 3f 89 e4 a8 93 99 91 06 62 e0 34 ff 31 94 3d 4e 3f 2a e5 ef c8 99 91 ad 4b 38 9c 43 e1 e0 3d 4e 3f 9a e4 09 93 99 91 3e 4a 7f 3d 4e 3f 29 e5 e6 c9 28 9f 43 93 99 91 dd 4b 38 9c 43 f1 e0 0b ef 32 94 af 36 93 99 91 2d 4a 38 9c 43 12 c1 e4 3a 98 54 3e 8b eb 39 bd 83 a7 bb bd 6f ca 56 36 6f 46 b0 36 2a 03 61 7d 3c
                                                                                        Data Ascii: 87zYRc7=.KZRu87zQb--K87q=.KzK8C=N?!L78C"4127K8C~1\7J27(Ca=N?2o7#C=N?b41=N?*K8C=N?>J=N?)(CK8C26-J8C:T>9oV6oF6*a}<
                                                                                        2023-09-15 03:49:52 UTC992INData Raw: 31 af 6f 13 38 54 57 ea 47 42 07 9f f8 bf 6f 7b 48 7e 63 03 d0 11 a0 50 b8 bc ec 9a 53 e7 07 95 7e b8 13 12 7d b8 07 3e 47 42 90 f8 87 a9 07 27 3e bb 2b 9b b4 9a 07 00 3d 7b 6a 3f 78 b8 84 1c d0 b3 69 17 7c 75 a2 16 b2 43 87 4c 78 83 2e 52 b8 f1 4b 27 e9 55 9d 89 4e 9f 90 92 f2 ef 87 fb f9 bf e3 37 bc 8d 6c 51 33 cd ec d7 b0 e2 6f 4d e5 e6 5c df 50 52 ea 33 b9 bd ee d7 a4 7d 6a d0 74 bc 6b 13 ed 36 03 37 b0 38 82 1b b7 39 f4 d3 3e 3e 12 17 90 b5 60 96 29 ff 6d 07 b8 b2 eb b9 df ff 6d 0b f8 bf 32 51 ba a1 2f 11 92 ee 2d 11 98 fd 6d 5a f9 2e 2a 03 b8 ee e5 0b b7 03 a4 42 47 bd 7a b3 a8 b6 7f 90 7c b9 6f 96 78 c8 49 93 43 e2 1b 5b 99 d5 99 15 95 61 bf 13 b9 2d 7e 51 8f 55 c5 e4 ba 90 34 4e 7b fc 6f 1c 35 ed 6e 99 b0 bd 37 97 b8 74 1a e4 ee 96 ad 44 33 bf 97
                                                                                        Data Ascii: 1o8TWGBo{H~cPS~}>GB'>+={j?xi|uCLx.RK'UN7lQ3oM\PR3}jtk6789>>`)mm2Q/-mZ.*BGz|oxIC[a-~QU4N{o5n7tD3
                                                                                        2023-09-15 03:49:52 UTC1008INData Raw: 8f d7 af 17 28 ab eb 4c e6 5d 24 03 e9 55 24 80 f0 b5 87 d0 27 8c 69 4e e3 c0 7b 93 35 a9 4b 41 50 39 c5 71 b9 ea 4f 1a 89 c8 ce 0b 84 3d 69 15 c8 a3 6b 86 38 e4 6b 53 e6 91 1d 50 33 bc 3f 78 38 ec 87 36 43 42 90 4a b9 bc e7 98 79 7a 9e 11 b8 7a 2f 61 bb ff ac c1 c4 e9 4b 1b ee ac 04 1f 31 8f 39 07 e9 4d 17 f7 e8 4a ee 4c b9 5d 10 15 cc a0 05 17 50 e9 0c 23 9d 1f 5d 67 b7 7a af 94 48 f9 29 91 bc 1d 3c d1 a8 bd 5c d3 1e bd 02 e7 eb 38 ae 49 cc be 73 6c bb 7f 6d 17 95 ca 6c 17 1c ea 9c 44 79 9c 63 98 a9 bd e6 03 33 ec 6b 96 6a 34 ef 43 bc c9 6c 90 ba bc 29 11 95 ef 65 47 88 e7 cd 19 b4 2d 5c 98 76 29 a8 15 aa b0 29 01 b5 55 75 63 21 60 0e 16 b4 af 6c ec ba 40 6d f9 47 bf 90 11 b5 45 6d 99 58 11 98 11 3b c4 6b 13 b8 c9 7a 98 f9 b9 ec 13 47 bc 3e 13 80 bd 1a
                                                                                        Data Ascii: (L]$U$'iN{5KAP9qO=ik8kSP3?x86CBJyzz/aK19MJL]P#]gzH)<\8IslmlDyc3kj4Cl)eG-\v))Uuc!`l@mGEmX;kzG>
                                                                                        2023-09-15 03:49:52 UTC1024INData Raw: b8 96 30 4d b9 3a b6 da a8 60 77 4e e3 bd e7 ce e0 ad 44 d6 fc 65 2c c3 6f fe 3c d3 cf e1 4b 93 a8 64 ae 10 63 64 ad d6 fc 19 6c c8 38 a6 eb ad 36 f9 9f 96 fc bf bd 93 fc d8 e2 5c a8 7c 86 13 bc 36 be 9e fe fd ae f1 f8 b9 b2 53 78 b8 ef 53 b4 3e 4f fa b9 61 ef 73 b9 fd 2f 93 b8 61 2f b3 66 7e b2 93 f0 b4 2e 10 38 d5 ad 17 30 61 2f bb 11 3d 27 93 e8 7f 6b 63 7a b9 ff 93 3e 24 2f 5a 38 e5 ad 17 ba f2 2f 8b b8 35 6f cd 7c c8 c6 28 6b c0 44 03 33 76 44 d9 38 a8 ae fa ba bd e2 57 6e ad ec d2 b9 60 8f 53 48 3e af 33 38 b9 2f 04 f9 2d 2f cf f8 5d b2 53 50 3d 64 f5 ad 38 25 44 3f f7 a5 94 f2 60 37 0b a7 fa ff 51 3a 7e eb 93 74 3f 51 1c 17 70 6a 92 83 b1 ef 53 3b c1 4b 0b b8 b9 e6 5f 78 0a 1b c5 40 c9 10 37 eb ea 6f 6f ac 10 6e a7 33 44 5b 38 42 7c 2c 9a f8 b5 af
                                                                                        Data Ascii: 0M:`wNDe,o<Kdcdl86\|6SxS>Oas/a/f~.80a/='kcz>$/Z8/5o|(kD3vD8Wn`SH>38/-/]SP=d8%D?`7Q:~t?QpjS;K_x@7oon3D[8B|,
                                                                                        2023-09-15 03:49:52 UTC1040INData Raw: 3b 06 6f 15 64 f0 7b 90 7c ad 5c 13 71 3e 90 17 c4 86 e2 44 b8 41 ae f9 ba 3e ad 12 35 fd 29 03 35 b1 fa 13 b8 bd b6 13 78 3e af 33 3b 57 6e cf b8 f5 bf ce e0 6d b2 53 60 bd b7 da 65 e5 b7 ca 78 61 6f 5b 58 60 37 f3 65 fd 87 12 b9 a3 87 66 60 86 a0 6e a8 bd b2 17 76 3e ae 12 83 72 6e 13 9c e1 a1 eb c4 4d b2 cb b8 60 69 ca 50 61 ae ca 71 bd b2 0d 53 81 ec ec b9 60 6f ca c6 a9 e2 5c 47 3c 8e 13 47 42 90 0c 35 eb 67 10 b8 74 5c d3 33 47 9c b8 3b bd 94 12 c6 a5 e4 5e d4 be 6d da b9 bc e2 17 89 30 3c ec 28 60 7f 10 79 bd 18 66 4f bd 2a 13 ae 3e 02 57 b9 b2 e6 e0 b8 43 90 ec 33 f0 57 9a f5 bd 07 90 c5 c9 6f 1c 3c d1 6f 12 b8 bd e4 56 d8 36 22 13 c0 36 12 03 33 4d 44 66 b8 fd e4 c5 b7 12 be 28 48 bd e2 0f 6f 36 91 6e 81 96 67 d5 bb 7d 6e 12 31 f8 53 9e bc b9 a2
                                                                                        Data Ascii: ;od{|\q>DA>5)5x>3;WnmS`exao[X`7ef`nv>rnM`iPaqS`o\G<GB5gt\3G;^m0<(`yfO*>WC3Wo<oV6"63MDf(Ho6ng}n1S
                                                                                        2023-09-15 03:49:52 UTC1056INData Raw: f5 9d 23 10 f5 e5 54 90 f0 31 d4 53 45 42 90 9e dd 7d 0e 69 f5 9d 0b 20 75 55 44 d3 ea 3e aa 11 d0 b8 13 46 33 51 ec f7 40 bd ec ff fc 60 2a 1f eb eb 6f ce ec 99 73 98 cd b5 ea 53 4e ea a8 57 9c a5 2f 04 b8 3d e4 cd cc a9 e4 15 9d dc 1c 11 85 ff 1c 15 3b c3 7f 13 cd 9f 3d b3 f0 65 05 13 b8 35 53 42 a8 eb 87 44 50 be 1b cb 50 c0 cd 67 ba c9 40 7b 3e b6 1b 2f b8 c9 1f 79 47 55 81 d3 bb 3c d2 b3 cc 4a 4f cb a3 7d 4c d5 fc 30 b2 57 b8 99 4f 98 cb a5 b2 56 ac 3d e4 68 ac 61 0a 1f 33 9d 5d 91 77 3d dd 07 33 ae b5 67 18 bd 27 d1 9d 42 cf 2f 4f 7f 0d 7d fc 39 4b 0f 58 a9 47 67 b5 02 0f 11 b8 bd e4 e2 31 c1 4b 03 53 b5 41 98 70 bf 19 d2 40 be d5 32 9a cb 85 90 58 82 2e 37 5a be 6f 98 72 6e 8f 98 70 36 2c 23 bc 24 98 ea 38 ba 6e d4 a4 3e 4f eb bc b2 ea e5 79 ba 24
                                                                                        Data Ascii: #T1SEB}i uUD>F3Q@`*osSNW/=;=e5SBDPPg@{>/yGU<JO}L0WOV=ha3]w=3g'B/O}9KXGg1KSAp@2X.7Zornp6,#$8n>Oy$
                                                                                        2023-09-15 03:49:52 UTC1072INData Raw: b8 0f f0 35 58 9a 48 13 18 f7 74 34 b8 bd e2 34 b0 7f 01 8b c8 bd 6f 3b b8 2d 2f 18 90 7d c1 28 90 0d 6c 3b b8 bd da 98 90 01 02 af 90 bd 6f f3 8a 94 6f a5 0e 94 7f 1b 6e 55 46 63 95 97 8f 22 b8 81 45 13 b8 0a 45 13 ec bd 85 39 b8 0d 50 38 f8 15 6f 60 93 4e b1 b4 93 bd 6f 13 4a 96 9b a0 46 96 6f b3 f8 c3 43 93 af 09 43 e3 bc 90 6f 13 ba b0 42 8b 9c fe 42 12 88 37 42 b3 93 20 42 13 78 bd a9 3e b8 81 36 3d 68 50 6b 83 96 4d 42 3d 78 31 82 3d b8 74 9f 36 97 bd 6f 65 97 3d 73 ab 3b 92 6f 1b 17 0d 6f 13 b8 8d 6f f3 b5 8d ef 8d b8 fa 5f 13 1e 1a 5f 13 b8 bd bb 23 f0 a0 8d 23 b8 fd 6b 63 89 0d 6e 21 b8 c9 61 21 a8 cd f5 59 8a 8d 5a 21 f8 1f 4f bd 8a 96 e6 f8 08 bd 2d 20 b8 bd f7 6c 8b 3d 0c 37 8c bd e5 18 db 89 6f 13 04 89 6f 4b 86 76 5b 13 78 d9 5a 03 b8 54 cb
                                                                                        Data Ascii: 5XHt44o;-/}(l;oonUFc"EE9P8o`NoJFoCCoBB7B Bx>6=hPkMB=x1=t6oe=s;ooo__##kcn!a!YZ!O- l=7ooKv[xZT
                                                                                        2023-09-15 03:49:52 UTC1088INData Raw: 9f 0f e8 49 a3 a9 a8 c5 76 e5 7f 78 7b 0b 37 41 e2 1a ef 3e c9 91 6e c6 ea ed ae df ec ed 6c af fe e0 7b c3 4a cb 95 fb 29 fd 25 c3 cd b6 bc 32 78 0d 3f 13 29 eb 3f 48 e9 83 4f 37 b5 6e 0b 21 d8 ec 0d 43 51 e9 28 48 cc f0 db 1d ec dd 62 ab 51 ee 5f 51 f2 5d 3a 5b eb fa 3e e3 bc c6 70 ec a9 66 99 02 a8 9a 21 53 d6 cd d0 5c c8 bb 1f 5c 56 ec ef 5c f8 8a bd 99 f7 dd 65 73 a6 ad 7f 33 98 ea 0d 4a da 4d 1f 42 f0 9e 6f 47 c8 30 3f 54 e8 bd 5e 47 f3 9d 37 58 e1 f6 36 03 5b e8 24 cb eb f1 3f 03 bd 7d bb 46 0b b3 5f a6 90 e1 3a 4e a9 91 3a 63 f2 ef 0e 93 ea dd 3c 73 eb dc 4f 73 d6 7e 8a 16 88 87 4f 46 f3 ef be 88 4b cf d2 d3 ff ee 0e 47 c8 bb 8f 81 68 f5 38 93 94 8a 0e 28 f8 ec 9f 69 f5 ed 20 53 14 ec 3c 6d f5 cd e2 f0 fd ae 51 32 69 ed 04 e0 8c 9d 6b 5e ed 4d b3
                                                                                        Data Ascii: Ivx{7A>nl{J)%2x?)?HO7n!CQ(HbQ_Q]:[>pf!S\\V\es3JMBoG0?T^G7X6[$?}F_:N:c<sOs~OFKGh8(i S<mQ2ik^M
                                                                                        2023-09-15 03:49:52 UTC1104INData Raw: cc f2 19 5e b8 c5 24 6a f1 c4 28 6b fe bd 19 55 cc fa 1c 5b cb f4 6f 67 f1 c8 27 65 ff cb 4f 13 ff c9 28 66 f0 c8 27 67 b8 fa 1b 13 b8 8a 35 29 ea bd 2e 41 ea d2 4f 53 ea ec 6f 7c 98 82 3d 41 ca 9d 35 33 9a eb 25 41 ca 48 16 48 f6 bd 41 42 89 ee 5b 46 80 eb ef 2e ee fe 3a 5a ec f0 9f 68 b8 e1 20 71 f7 da 3f 7f e9 ad 00 40 cb 9d af 12 8d e9 57 03 ed 80 3a 51 c8 d7 23 43 ef bd 20 48 f6 dc 21 74 f7 d1 2f 42 c8 ee 1c 45 ce 4d 6c 45 b8 93 3c 22 e9 89 20 2b f6 3d 52 5d fb f2 26 43 f5 9d 2d 13 e4 e8 0d 46 df e9 03 40 a8 d2 3e 60 98 7d 6e 26 e8 85 6f 5c 85 f2 2d 43 f0 ec 23 13 ec ea 3a 48 ee dc 39 74 38 e8 03 40 c8 ec 1c 5d 48 be 6f 4f f6 96 3d 22 ec 88 3a b3 82 e8 51 47 fa 8e ee 41 48 26 6c e3 30 3d c6 43 e2 e9 0d 46 de bd 3a 79 ec d2 3d 60 f6 c4 4f 33 e8 93 3d
                                                                                        Data Ascii: ^$j(kU[og'eO(f'g5).AOSo|=A53%AHHAB[F.:Zh q?@W:Q#C H!t/BEMlE<" +=R]&C-F@>`}n&o\-C#:H9t8@]HoO=":QGAH&l0=CF:y=`O3=
                                                                                        2023-09-15 03:49:52 UTC1120INData Raw: ee 9d 6f 9c ee e9 38 5a b8 81 37 4b b8 83 4f 44 b8 58 3a 13 ef eb 37 13 f6 ea 3c 58 9c ed 39 12 0e ee 37 13 a7 e8 4f 03 ec f6 3e 45 39 eb 4f 43 f7 bd 3a 5c b8 bd 23 4a ee ed ee 93 bf ec 39 43 ec f2 3e 91 89 bd 3e 40 ec e9 39 46 98 f2 6f 42 e9 ef 3b 40 ee e9 39 92 38 f4 3e 4b f7 ea 21 45 38 c4 bf 44 b8 f1 37 92 2b f2 ef 06 b8 2d eb 42 e8 bc 4c 42 e8 ec 3e 13 f2 84 6f 0f e8 e8 ee 02 b8 8b ef 3b e8 bd ef 13 f3 e4 39 5c ea e1 ef 56 b8 ee 33 33 ed ee 3a 42 eb fc ed 23 f6 ec 22 40 f5 3d 0c 43 b2 e5 6f 8a ee 3d db 5c e9 f3 3c 77 f6 eb 6e 36 e4 e8 6c d5 39 7a 36 53 f3 ef 23 43 f5 f2 6f 0b e8 9d 3f 42 f5 e1 4f 11 38 ec 23 13 e4 9d 3f 42 ea f2 3b 5c 53 bd 06 13 23 eb 6f 61 eb bc 20 13 c7 bd ca 53 ee ec 39 47 ed eb 6f db f2 59 33 5c 3c 99 25 48 31 9e ef d2 3b 9e ad
                                                                                        Data Ascii: o8Z7KODX:7<X97O>E9OC:\#J9C>>@9FoB;@98>K!E8D7+-BLB>o;9\V33:B#"@=Co=\<wn6l9z6S#Co?BO8#?B;\S#oa S9GoY3\<%H1;
                                                                                        2023-09-15 03:49:52 UTC1136INData Raw: b9 93 41 3d 7a bc 17 c3 9d 8d 5d 6b 7c f4 18 93 b2 fd dc 2c fd ca e6 5f 7b 2c 6b 15 7c 1a ac 17 db d2 71 7e 79 82 bd 6c 3d 88 8f 15 dd dc 02 2f b8 fe 2c 16 5b fc 6e 72 f8 d6 00 64 47 bd 2d 13 e1 dc 4a e5 bf 3c 52 13 b8 5c 52 d7 d0 0c 59 2d f9 9d 1c 53 ac 3d 09 4c 7a 86 ef 33 ca d8 1c 76 ca cb 0f 1f 30 c9 0e 74 5d e2 2c 7f d7 3c 6b 90 fa bf a7 61 d1 d3 0c 7f cd 1d 04 1b d9 d3 16 72 f9 cf 06 71 cd a1 1b 76 39 8a 8e 5b 59 89 30 7a dc a0 9d 24 82 65 58 a2 8f dd 22 76 c0 c9 5f 61 d9 9d 0c 14 a9 5c 74 19 84 d5 4e 3e 95 bd 05 6b ba d1 4f 35 98 e5 42 3e 86 1d 5b 57 f4 ce 09 5f cb c1 4f 70 b8 ea 0e 05 b8 b6 ca 25 53 f3 4c 82 bc 86 0e 7e c8 dd 51 2d b8 fc 64 1c d9 b1 2d 1f f8 ec 0e 11 fc d2 1a 71 99 9d 4a 7b c1 cd 07 f3 bf 9a 42 ef 95 9a 4d 98 b0 8e 8b 3c dc 81 0e
                                                                                        Data Ascii: A=z]k|,_{,k|q~yl=/,[nrdG-J<R\RY-S=Lz3v0t],<karqv9[Y0z$eX"v_a\tN>kO5B>[W_Op%SL~Q-d-qJ{BM<
                                                                                        2023-09-15 03:49:52 UTC1152INData Raw: ba e5 3f 67 ca 8f 2b 10 80 c7 5c 17 a4 f3 6e 0f b8 31 6d 4f b8 a1 3d 6b dd dc 03 1a 94 bf 21 17 ae bf 39 40 c7 b9 39 13 b6 bb 39 17 ae bf 39 17 ae bf 44 41 b8 d8 1c 7b d9 cd 0a 5e d9 bb 1b 13 b6 be 28 5a d5 dc 08 76 39 bc 64 50 ca d8 0e 67 dd bf 61 d3 f0 d8 0e 77 dd cf 64 00 ba 12 9f 50 d4 d2 01 15 b6 bb 70 13 f6 b9 5e f4 be 9e 6f 01 b2 a2 21 57 3f 94 eb 1c 39 fd 6e 97 f9 ef 0e 64 fc dc 1b 72 43 3e 68 93 39 8c eb 62 3d be ee 4c 3a b8 ef 76 a7 38 6c 95 b1 3b 5e 98 8f 3d 4a 23 6f bc 6f 03 08 65 6e 03 d8 67 6e 1b a8 6d b3 93 bb 63 6e 03 48 f5 8f 12 a8 3d 7c 7e c8 3e 3a 7e b8 cd 3c 13 b8 d4 0c 65 f5 5d 06 7d f5 dc 17 93 b1 3b 6a 93 b3 bd 0c 65 f9 df 1c 57 d1 db 61 75 3a a8 eb 16 3a b6 26 7d ea dc 61 7d 3c 34 eb 16 38 b6 cf 12 ba ad 2f 43 ba bf 7f 23 bb 3d 6e
                                                                                        Data Ascii: ?g+\n1mO=k!9@999DA{^(Zv9dPgawdPp^o!W?9ndrC>h9b=L:v8l;^=J#ooengnmcnH=|~>:~<e]};jeWau::&}a}<48/C#=n
                                                                                        2023-09-15 03:49:52 UTC1168INData Raw: 80 42 57 0c 81 90 56 21 81 8a 56 6b 81 c0 56 91 81 14 56 bd 81 0e 56 c6 81 67 56 cc 81 b5 55 59 82 e8 55 8e 82 1f 55 b4 82 70 55 c1 82 6a 55 2a 84 83 53 50 84 b2 52 07 85 a4 52 2f 85 f7 52 5c 85 e9 52 b1 85 1a 52 bf 85 6e 52 cb 85 60 52 ec 85 b9 51 1a 86 85 51 71 86 d0 51 a6 86 07 51 ac 86 90 50 21 87 8a 50 48 87 dd 50 76 87 2d 50 86 87 27 50 13 b8 bd 6f 11 b8 fd 6f 13 b8 89 5f 2a 88 83 5f 4e 88 d2 5f 67 88 c4 5f 1c 89 a9 5e 0a 89 fd 5e 56 89 f7 5e 83 89 fd 5d 33 8b 9d 5b e3 8c 4d 5a 03 8f 6d 58 d3 80 6d 56 a3 82 5d 54 29 85 e7 51 c9 87 bd 7f 11 b8 95 6f 13 b8 87 5e d3 8a cd 5c 43 8c ed 5a 33 8e 9d 58 53 80 bd 56 e3 81 bd 54 f3 83 ad 52 79 86 37 50 13 b8 bd 4f 11 b8 d9 6f 13 b8 77 5f 39 8a 1f 5c b4 8b 11 5c a4 8b 75 5c de 8b 65 5c fa 8b 53 5c 14 8c b3 5b
                                                                                        Data Ascii: BWV!VkVVVgVUYUUpUjU*SPRR/R\RRnR`RQQqQQP!PHPv-P'Poo_*_N_g_^^V^]3[MZmXmV]T)Qo^\CZ3XSVTRy7POow_9\\u\e\S\[
                                                                                        2023-09-15 03:49:52 UTC1184INData Raw: 38 c2 ef ec c7 3d 10 93 c7 3d 10 93 c7 3d 10 93 c7 3d 10 93 47 c2 ef 6c 38 c2 ef 6c 38 c2 ef 6c 38 c2 ef 6c 38 bc 15 93 fc 01 6f 8f 84 1d 53 b7 84 15 53 13 14 81 df 2f 0c 81 d7 2f b8 01 53 d3 84 79 53 db 84 bd a3 2f 68 81 bb 2f 60 81 6f cf 84 5d 53 f7 84 55 53 13 54 81 9f 2f 4c 81 97 2f b8 41 53 13 85 b9 52 1b 85 bd 63 2e a8 80 7b 2e a0 80 6f 0f 85 9d 52 37 85 95 52 13 94 80 5f 2e 8c 80 57 2e b8 81 52 53 85 f9 52 5b 85 bd 23 2e e8 80 3b 2e e0 80 6f 4f 85 dd 52 77 85 d5 52 13 d4 80 1f 2e cc 80 17 2e b8 c1 52 93 85 39 52 9b 85 bd e3 2e 28 80 fb 2e 20 80 6f 8f 85 1d 52 b7 85 15 52 13 14 80 df 2e 0c 80 d7 2e b8 01 52 d3 85 79 52 db 85 bd a3 2e 68 80 bb 2e 60 80 6f cf 85 5d 52 f7 85 55 52 13 54 80 9f 2e 4c 80 97 2e b8 41 52 13 86 b9 51 1b 86 bd 63 2d a8 83 7b
                                                                                        Data Ascii: 8====Gl8l8l8l8oSS//SyS/h/`o]SUST/L/ASRc.{.oR7R_.W.RSR[#.;.oORwR..R9R.(. oRR..RyR.h.`o]RURT.L.ARQc-{
                                                                                        2023-09-15 03:49:52 UTC1200INData Raw: 8c 55 db 3c 2e 54 41 0b d9 70 5d 3e a0 5e 41 99 ae 5f 41 05 e8 96 73 29 ec 7f 40 12 e8 bd 55 89 02 fd 2b 37 a1 ce 6b 9b b8 ed 55 0b f4 99 75 13 28 bd 3f 99 e4 99 6f 08 82 6e 1c 15 32 67 e7 12 b8 f5 ec d5 b9 3e 03 37 84 bd 6e 66 3b 36 13 37 f8 36 6f 67 9c f9 e4 57 9c 91 ec 33 7f bc 54 eb 31 bd 2f 1c 34 bd 22 ec 47 42 60 a5 ec 99 6f 0a b7 0b 2b 37 a0 96 ad 33 21 8e ad 38 7a bc 4f 09 38 6d a6 ec 92 75 6e 39 ae b9 45 13 02 7f 71 15 90 aa 60 a5 6b bd 41 13 ab 93 72 12 a3 bf 78 13 e2 9d 6f 03 a4 36 6f 47 9c a1 05 13 ea ed 39 13 35 f1 4b 77 50 eb d1 12 ba bd 6f 6f 9c 36 03 37 f0 36 67 4f 9c 9d 6f 81 83 c9 4b 3b ba 34 6f 98 b7 31 e6 ed 47 42 6f 98 f4 99 23 90 fc 99 5f 13 dc 3e ac 12 83 e1 4b 2b 9a 34 6f 37 b7 31 2e 13 a1 d7 6e 12 b8 fc 37 42 33 72 87 32 6b b9 6f
                                                                                        Data Ascii: U<.TAp]>^A_As)@U+7kUu(?on2g>7nf;676ogW3T1/4"GB`o+73!8zO8mun9Eq`kArxo6oG95KwPoo676gOoK;4o1GBo#_>K+4o71.n7B3r2ko
                                                                                        2023-09-15 03:49:52 UTC1216INData Raw: 4d 39 3a 13 33 51 ec f7 40 3c 83 9f be b5 df 2a 2c e5 38 9a cc 99 4b 13 cd b6 5c d3 e7 e3 34 98 98 58 32 d1 b4 bd fd 47 cc a6 7c 82 c6 0f 68 03 9f 0c 68 90 70 42 6e 05 ba 36 12 03 3d 42 1b 48 f1 7d 61 f9 6c bc 5d 67 8b 1d 6f cc f3 6d 0b b3 b8 95 cf 13 5c 6c be 20 33 35 b7 fb 63 3d 6f 28 60 c8 5f 44 fc 55 af 20 b9 45 87 a4 89 bc 97 c7 cc a0 9e 16 b1 4c 6a fb 3c b2 75 15 b8 f8 63 96 78 c9 28 98 b0 bd 5c c8 3d 74 60 8d 7b 36 6f c5 33 ef 63 90 53 bc 4c 53 61 36 27 1b 83 77 ee 37 c4 bf 6b d3 e7 a5 e4 5b b4 36 2f 1b bc 8e bd 42 ba 7f ec f9 b9 b9 4c c2 49 25 e4 5a a8 86 ae 8b 33 4f 13 06 09 8d 4c 98 e8 3d 6d 6b a8 8e 99 63 db dd 6c 22 a3 6d 25 0b 98 86 b0 1c 35 9f 7f 0a 83 c9 26 b3 26 30 77 83 b8 d5 6f d3 a9 30 67 9f 9c 21 de 34 b8 ec 87 af 98 fa 6a 13 33 7a 4f
                                                                                        Data Ascii: M9:3Q@<*,8K\4X2G|hhpBn6=BH}al]gom\l 35c=o(`_DU ELj<ucx(\=t`{6o3cSLSa6'w7k[6/BLI%Z3OL=mkcl"m%5&&0wo0g!4j3zO
                                                                                        2023-09-15 03:49:52 UTC1232INData Raw: e1 38 76 92 ed 2c 76 37 38 ac 4b 93 a1 99 ef c3 9c ab e6 93 b9 3f 76 69 38 a4 52 34 30 be ee dd b8 bf 6f 67 e0 90 f5 91 b9 bd 6c 2e 3b 55 6c 67 9c 90 3d 96 39 7e ea 12 3d 96 46 d3 ad 55 ef 47 58 b9 6f 9a 3f 21 6e 3a 12 80 6a 15 a8 bf 41 97 79 b9 46 d6 bc e9 93 eb 79 b9 ef d2 bc a8 aa 17 50 b4 af 17 50 ae 6f 03 3b 45 5d 9a bc 3a cf d2 c2 30 97 10 b8 bd f7 7a 78 75 af 11 fb b9 86 f4 b8 b9 c7 3e b8 2d 2f 32 86 fe 4e ec 79 b4 43 96 c3 3d 6a 11 a9 1e 6e 02 76 62 7a 52 99 19 ae 18 0f bd 69 79 ab 30 3f 54 f5 e8 3f 54 3a 1f 6e 16 bc e9 3a 44 ff b9 ff 53 bc 65 ad 30 67 3d 8f e5 7c f9 60 99 c7 b8 7b 11 ea bd 7b ce e4 99 7f ce bd fd d7 34 be ad 87 72 78 9a b6 43 e4 99 77 ca b8 13 b3 53 01 55 cd 57 b9 b9 87 cd 49 f9 5c 54 78 b0 ab 2e bb 3d 45 1c 37 f3 ed a1 39 bf ab
                                                                                        Data Ascii: 8v,v78K?vi8R40ogl.;Ulg=9~=FUGXo?!n:jAyFyPPo;E]:0zxu>-/2NyC=jnvbzRiy0?T?T:n:DSe0g=|`{{4rxCwSUWI\Tx.=E79
                                                                                        2023-09-15 03:49:52 UTC1248INData Raw: a8 b3 3e 1d 6b c3 3b 83 1a 4b 3e bb 81 f8 07 e2 e9 12 1c 33 cf 0f 12 fb 05 8d 66 4c c5 3f 20 bd 4e 38 30 6e e7 c0 47 61 b2 c2 20 6f f7 69 c9 ec ad f2 7e 11 59 f3 30 6e 37 f3 e0 5d 37 f3 e0 5d 47 32 21 4c c5 e2 12 4c c5 e2 12 4c c5 e2 12 4c c5 62 30 6e e7 c0 30 6e e7 c0 3f 6e 49 ed 6f 42 c5 4b 86 32 89 e5 12 83 47 c1 90 6f 09 85 90 6f 85 db 44 86 d8 bc 99 b5 c1 cd 5b 3f 21 3e ea e8 1e e5 dd 33 ec 99 4f 41 08 9d db 0f cf 0e 4f 05 c9 94 5d 38 ec 8d 44 ec 4b 96 5f 39 88 96 ef 39 89 91 9f 13 48 97 df b3 35 8d 44 0a 89 1c 1d 6e 50 61 f0 2c 93 78 5e 38 d3 0c db 9f 9c 89 bf c0 c8 69 ef 20 74 0d 6e fb 45 3f 4a c7 39 45 b7 92 54 b1 63 13 b8 d9 b8 93 cd b7 5d d3 e6 3c ab 02 b9 fd ac 40 ed ea 07 13 e8 f1 e2 9b 3c 99 4f 41 c7 ed 87 d7 38 b1 3e 20 b9 f1 4b 3f 19 3c dc
                                                                                        Data Ascii: >k;K>3fL? N80nGa oi~Y0n7]7]G2!LLLLb0n0n?nIoBK2GooD[?!>3OAO]8DK_99H5DnPa,x^8i tnE?J9ETc]<@<OA8> K?<
                                                                                        2023-09-15 03:49:52 UTC1264INData Raw: ae 55 18 ea a9 0f 1e 7e 8b 66 60 04 90 55 66 39 e8 8f 67 0b b8 aa 87 12 af 04 cd e2 be aa 77 fb 34 6d 78 1c af 2d 6e c3 b4 d6 be 11 6c b1 77 c1 b4 d2 2f 1f ea be d9 2d fc b9 78 c1 b0 b6 78 22 b3 bd 78 ec ac aa 6e 04 59 d1 6b 04 83 b8 78 39 d2 bc 4e 33 ae e9 4b 33 ea dd 1d 9f b0 b4 8e 5f f8 be 3c 04 9c 55 23 1a 6d e5 78 c5 ec aa a7 51 bf 4c 0f 15 ea aa d5 0f e9 aa 0c 80 ad c2 65 63 b2 7a 8f 1a d5 9f 6c 1d 38 bd 3f 04 eb ea 78 d3 81 55 23 ab 19 5f 7d 42 e3 80 f2 b1 b8 fa 2d 40 08 bd 5e e6 47 42 cf 38 e6 ad 7f 6d 8b ea 2d 4d c6 9f e4 27 47 ee 3e 4f af 1d 2b 43 ba b6 05 21 b8 5f 6f cb 4e 8d 3e e1 e9 c1 8f b2 a9 b7 31 03 c4 72 8d 53 7b 1d 53 02 44 89 e4 52 84 a7 6e 98 39 15 bc e9 00 4d 70 55 b7 4b 70 42 01 a3 5f 37 ad 39 71 ea 08 fa 4b 63 87 b7 e4 94 89 6c 6c
                                                                                        Data Ascii: U~f`Uf9gw4mx-nlw/-xx"xnYkx9N3K3_<U#mxQLeczl8?xU#_}B-@^GB8m-M'G>O+C!_oN>1rS{SDRn9MpUKpB_79qKcll
                                                                                        2023-09-15 03:49:52 UTC1280INData Raw: 73 ec 61 32 bb 1d 62 0b bb 6a 64 93 b9 5d 60 e9 f8 8c 6c dd bb 44 87 93 84 92 ef 1c 04 ce 61 03 b7 ec 24 9e ab b2 c7 82 b8 2d 3e 1c 34 23 fc 13 b5 ad 60 87 29 85 ff 17 33 47 60 bc b9 dd 6b 10 41 38 bd d5 bc 92 8f 12 c6 94 e2 69 c8 b2 7d 12 b9 b8 6a 03 b4 c1 7f 1f 7f 42 e6 27 7b 39 e6 6f c7 b2 15 12 83 c0 1d 1c 8f ad 6c 61 b7 e7 6c 12 e7 be ef 12 98 36 6d 6c cc b2 95 90 51 bc 6c ea cb 4d 64 a1 b3 39 2b 32 b7 3d 61 82 32 f1 4b 37 a4 6c 70 66 be ee 4f 28 70 c5 60 96 4d 0c 41 f2 bb fd 4d 83 a9 99 34 b3 ba 7c 4a 27 99 d3 6f 15 4a 8d 4e 27 e9 bc 4b 1c 34 04 3c 22 94 ed 69 53 9f 6c 14 72 f0 ae 47 9f c6 1d 6e 90 7d e5 6e 90 45 2c 30 e3 c8 bd ce 11 d4 ec 9d 3d f4 86 86 73 bd f5 1f 12 a8 ed 10 5c 33 ca bf 67 4d 0d 7d 43 a8 36 ad 6c 8e 3c 22 9e 94 b3 6b f8 bb 4d 4b
                                                                                        Data Ascii: sa2bjd]`lDa$->4#`)3G`kA8i}jB'{9olal6mlQlMd9+2=a2K7lpfO(p`MAM4|J'oJN'K4<"iSlrGn}nE,0=s\3gM}C6l<"kMK
                                                                                        2023-09-15 03:49:52 UTC1296INData Raw: bf 30 6f 47 9c 81 3d f8 bf 30 2b 27 9c 81 8e 09 a9 59 71 bc 98 ad 87 37 cd 35 cb 33 04 3a ee 54 51 4d 6f ee 47 42 ff 81 23 bf 7f 33 a8 21 6d 03 39 8d 6f 13 ba 0f 6d 33 b8 bf 6e 23 b8 b4 6f 12 48 80 c1 48 41 80 7e 31 4f 80 9b ec 85 b1 98 2e 3a 4c 9e 65 bc c9 0c 79 b9 ac 6f 32 59 ad 3b fb 74 2e ed 1b fc 34 cd af 3a 85 87 ff 5c 6f 42 55 89 bc ef fb 07 5b 91 ec 3b 7b be 3e 52 b3 be 3e 7e 68 42 57 98 b0 be 11 9c b0 f5 57 9a b0 cd 83 b4 ef 6c fa 3e 6c 42 57 51 b8 6f 11 81 03 db 03 b1 c9 ff 35 33 3b 1f 82 fc 13 17 42 b8 31 e1 67 69 97 cf 87 33 3b 13 82 b8 b5 03 37 88 ad 55 37 53 a5 e4 33 f6 b1 e4 45 a8 0d 6f 23 33 9f 86 03 91 c1 4b 27 78 ff 4b 98 98 77 54 d2 33 65 ff 28 ac b2 6d 9e 49 bf e4 ea 93 45 44 97 d4 99 47 f3 bd 9d 6d 2b 59 81 6a 31 53 e9 6a 83 d8 99 57
                                                                                        Data Ascii: 0oG=0+'Yq753:TQMoGB#3!m9om3n#oHHA~1O.:Leyo2Y;t.4:\oBU[;{>R>~hBWWl>lBWQo53;B1gi3;7U7S3Eo#3K'xKwT3e(mIEDGm+Yj1SjW
                                                                                        2023-09-15 03:49:52 UTC1301INData Raw: 38 e6 7d 3b 99 0d e4 eb 98 be 4f 9a c4 d9 4b 47 f8 be 43 cb 99 e6 2f 17 61 bd af ca 50 61 86 ca 73 63 cb f2 65 1f 66 cf 71 7f ff 4f 18 bb 59 47 59 b8 ed 00 fc 9d 5d 71 bd 63 8a b2 78 2e 8b ca 73 65 0e 17 94 df 6a 99 24 bf 32 cd b9 bf 4f 67 e6 7d 6b 13 e4 36 a1 ce e4 99 2b fb ac 9a a9 e1 72 b0 ce 1f 33 73 b3 2b d4 99 2b f2 b4 dc 7e d1 bd 55 aa b0 6f b8 eb 16 94 d7 6f 93 d0 05 ee 7b 98 67 05 ed 47 eb eb 12 7f 39 63 37 7c bd d4 12 b8 55 6d 7f 46 e8 ee b6 53 3d 66 43 58 bd bc f3 b8 b2 cf a4 70 ec 38 40 d8 b8 ab 12 bc 3d 0e 62 46 42 07 13 b9 3f e9 39 3d fd c4 43 b8 be d3 12 bb b5 5b 12 7a 11 1e 08 47 42 eb d3 cc d7 63 d3 ba 09 ae 11 59 5d 6e 93 27 dd 6f 20 63 86 ac 67 b0 36 7f 13 31 e9 4b 53 53 ae df ec e8 35 2b 37 fa dd 6f 52 d8 bd 2f 43 7e f9 4b 50 f9 8e 43
                                                                                        Data Ascii: 8};OKGC/aPascefqOYGY]qcx.sej$2Og}k6+r3s++~Uoo{gG9c7|UmFS=fCXp8@=bFB?9=C[zGBcY]n'o cg61KSS5+7oR/C~KPC
                                                                                        2023-09-15 03:49:52 UTC1317INData Raw: b9 c9 43 73 b5 a4 67 98 3e 31 8e 51 78 c8 6a ab ce ed cf 1d 58 99 67 d6 b6 dc 40 13 94 35 4f ed 47 42 84 3d 7c bc 1a 1c 97 fc 5f 72 84 3f 7d 73 ad 85 0d 06 6b 64 66 90 be f3 07 73 b8 d1 4f 1c 0e ab f9 d2 31 dd 35 39 78 bd e4 9d 58 2c 0f 16 30 2b 67 51 ba 2b 48 d3 b8 35 e7 95 b2 1d 6f 99 3e 94 8e 25 ac 03 6f 31 ba b6 cf 13 84 b5 e6 03 b7 35 f9 1a ba b8 af 61 b0 bd ae fb bb b2 c0 d2 53 b4 7e 93 b8 3e af 14 18 bc e6 95 bc be 6e 19 9a f8 e5 1b 3c 74 1b 0f f0 36 f9 fb 1a da a6 42 d8 91 3d 13 3b 7d 6e 43 ef eb 87 97 7a d6 ae 29 ac 36 e9 cb ba 98 8d 59 73 5f 6b f2 bb ec 2f 30 db e0 6e 17 18 d6 6f 23 ba bd 6f 17 cc a1 ef d7 06 85 6f 12 f8 c8 7c 50 b3 7f 67 9b 50 43 b5 11 2a 3e 11 63 98 a3 27 e4 fe d1 6f 17 b8 c9 6f 6a fe af 86 1a c1 c9 23 92 c0 c9 29 93 2a 03 8e
                                                                                        Data Ascii: Csg>1QxjXg@5OGB=|_r?}skdfsO159xX,0+gQ+H5o>%o15aS~>n<t6B=;}nCz)6Ys_k/0no#oo|PgPC*>c'ooj#)*
                                                                                        2023-09-15 03:49:52 UTC1333INData Raw: f1 bc 44 90 79 8d ef 83 9c 8c 43 98 98 e5 1f 45 35 0d bf 1e b8 05 cc 53 cf 4d 02 57 9c 8d 5f 13 8c 6f 4b 51 07 4c 77 9a cc 99 47 03 b9 85 3a 23 b8 81 df 70 f8 8d 6f 57 38 ba 27 02 d9 b5 60 97 57 9d 1c 96 4e b2 6b 97 5f 1c 1c 47 2c 8d e4 15 b8 b2 d9 65 b3 e8 e4 fb b7 f9 c0 f9 d8 33 5f 98 6e 5d 5f 9a 78 d1 4b 37 b7 39 c2 72 0f 0c 5e 11 1a 1d 6c 38 6f 30 12 ec cc bd 1d d2 56 be e2 4b 47 b2 6f bc 46 b2 c0 cd bb 64 6c 9b 41 38 af 16 93 b2 e9 4f d8 bf 6d 45 18 fb 3b 40 e8 55 35 67 bd cf 39 2f f9 3d af 6d 99 36 87 63 53 be e2 5a 68 bc 7f 6f c8 e6 53 10 68 bc ff 12 93 43 ec fe b9 c8 55 f9 08 8b 4b 72 82 2c 27 e3 83 96 b1 97 83 bf 2e 22 ca 0e 86 19 a8 b8 6f 9e e8 42 be f9 69 52 6c 73 69 be 96 e4 7b dc 72 43 b2 a5 6f 67 8a 3e a5 ec 35 b1 ea b2 39 ba 44 c2 3b 73 df
                                                                                        Data Ascii: DyCE5SMW_oKQLwG:#poW8'`WNk_G,e3_n]_xK79r^l8o0VKGoFdlA8OmE;@U5g9/=m6cSZhoShCUKr,'."oBiRlsi{rCog>59D;s
                                                                                        2023-09-15 03:49:52 UTC1349INData Raw: 3c b3 de 73 dd 16 86 8e 98 b1 2f 1d fc 3d 4c b9 49 3e 4c 5b f8 bc 89 50 b9 f1 2f 12 be 66 ed 4e b8 ab 47 98 4a b2 e9 1d d6 7d 6a 32 29 df f0 d2 3b 7f 6e 3f 31 f9 2f 81 5a 38 25 f2 29 ff 6d 1b de 7c 8e 53 b7 75 60 a4 79 3c 0f 34 47 c8 76 1c 0e bf cf 04 b2 f9 4f 83 50 dd 6b ec 33 f9 ea 32 98 af 6b 5b 53 d6 ae 3b b2 37 6f 5c b1 35 61 99 ff b5 84 c3 e6 b2 d9 29 58 b9 23 30 2d 5d 6b 37 c4 00 8f 17 b4 f2 6f 1e 8c b2 67 a4 c7 b5 2f 0b b7 12 a7 ae ba 42 ef 0f 93 55 60 bc 45 30 7f 9f 81 bd ef 93 9b 7c ae fb 74 ad 6c 92 b8 bc 6b a5 40 7c 68 93 9f 3d 27 d2 50 b5 e4 1f 01 bd 62 11 f9 9c 7a 9b 9e 35 29 12 3b ed ad 17 3b 7b ca 60 f4 1c 43 b2 7b 0d 01 f4 ae 6c 60 95 28 bd 6e 63 ad ee 8d 05 ca 90 ae 10 4f b0 2e f2 84 84 47 75 79 5d 8f 1e 7f 1e 4e ec cd bd 66 75 33 fc 92
                                                                                        Data Ascii: <s/=LI>L[P/fNGJ}j2);n?1/Z8%)m|Su`y<4GvOPk32k[S;7o\5a)X#0-]k7og/BU`E0|tlk@|h='Pbz5);;{`C{l`(ncO.Guy]Nfu3
                                                                                        2023-09-15 03:49:52 UTC1365INData Raw: a9 fd 66 27 d9 9f 2c 2e 8c 51 1d d7 e7 80 2c 2e ba 82 fa 57 85 9e fa 2f f1 b9 30 2e fe 80 2d 20 f0 80 2f 1c 10 38 39 ed f8 80 03 32 98 45 ec 8b 9e 91 8f 32 f9 d8 5c d3 59 9d a9 12 f8 38 bd 98 45 cb 49 33 be f9 6e 73 b8 85 e5 15 32 aa bf fb a8 97 bf 9b a9 1e 6c 90 7f bc ef 90 d4 99 2b 12 cd 5b 0e d6 f1 7c 72 60 89 bd 67 07 93 fc 44 57 b0 b2 d9 46 38 7b 69 10 7a 24 af 38 7a 37 78 c2 40 58 69 d3 d8 8c 27 14 61 36 ec 72 b7 d8 29 93 b7 a9 eb fe dd fb 82 76 fe d1 4b 23 a3 dd 29 53 eb 48 cd 0d 95 20 11 20 33 96 6f 45 5c f8 6b f9 fd 45 8d 56 46 7c c5 fc fa 95 98 e2 31 b5 43 55 3a 9e 29 f9 98 9f 29 97 96 fb 5b ff 9d fb e4 b2 9d fb af 92 29 7f 38 ee ce fd 2f 09 80 b8 0f 13 88 5e e4 05 32 ba bf f9 a4 97 ad b1 3d 1b 48 36 9c 6d 84 14 8a 07 4d 37 68 bc 9f 22 38 ac 57
                                                                                        Data Ascii: f',.Q,.W/0.- /892E2\Y8EI3ns2l+[|r`gDWF8{iz$8z7x@Xi'a6r)vK#)SH 3oE\kEVF|1CU:))[)8/^2=H6mM7h"8W
                                                                                        2023-09-15 03:49:52 UTC1381INData Raw: 79 b4 6b 96 4e 05 94 d3 e5 c9 6f 08 33 7b 31 48 3b 79 57 19 7b bd 4d 0f 79 b0 3f 9a ab 55 e1 63 7b b5 6c 15 7d ee 2b 37 a8 7c 3b 32 78 b4 67 79 47 ed ef 10 b4 ec 7f 41 e8 55 5a 13 a9 3e ab 07 ba 7e ae 14 bc 36 a7 98 68 7c 6f fa b6 7c 85 1f bb 75 e2 0b fc b7 64 9a dc 31 08 df ee 30 66 11 1b 04 71 13 60 8e 99 98 47 bd 09 9a 88 3e af 17 3b 54 ef 12 cd 48 e2 91 30 b4 2e 15 eb 3d 68 59 bd c1 65 53 bd ae 2f 16 35 b9 0b 37 f1 bb e6 a1 14 ab 6f 43 b8 34 dd bb fa bc df 51 b9 1d 6e 53 b9 db a8 91 2c b9 6f 13 b0 bc 6f 4d 38 b2 3e 98 28 ed 47 07 b8 bd af 2d cc bd 76 bf 08 b9 33 18 58 b5 63 25 83 77 e6 01 d4 5d 2e 9c 20 7d 65 40 c5 89 7f 98 0c 35 0f 13 bb 36 c3 9b b9 5c 6c 1c 0f a9 d8 1c 0f a1 6f bc de 86 bc 61 aa c8 7c 03 32 29 69 4b f8 b5 55 87 90 bc ae 13 cf be ec
                                                                                        Data Ascii: ykNo3{1H;yW{My?Uc{l}+7|;2xgyGAUZ>~6h|o|ud10fq`G>;TH0.=hYeS/57oC4QnS,ooM8>(G-v3Xc%w]. }e@56\loa|2)iKU
                                                                                        2023-09-15 03:49:52 UTC1397INData Raw: 33 b6 67 98 a9 ee ee 89 bc 36 2c 17 bc 36 67 d0 18 bc 3c ec 69 36 7d a7 ba bb d6 33 99 b8 97 e0 1d 79 09 b6 f8 3a e6 56 f4 3c 48 53 ae b7 63 51 ae 3e 2b 05 a8 c1 e4 4c 9c e3 32 dc ad 71 3c 91 19 55 fa 82 19 dc b1 fb 86 bc 36 95 20 9c 4d 22 19 cb e4 85 30 fc 6e 12 9e 36 e1 30 fa bc 0d 47 33 fc 6b 33 b1 e3 e6 55 ba 5d 3b f1 01 ea e4 ad 59 bf ef 13 c7 ac 6f 67 b0 e2 d7 11 a9 bf d1 98 3e 29 0e 16 f0 b9 3c 92 5c c2 b7 90 50 bc 1b 5a 38 bd 6f 66 c3 85 28 07 7e fa 7e 33 b9 c9 4b 98 2e 3c 6b 2b fa bd 62 67 df 36 69 d4 f8 a9 2d 28 39 a4 61 98 a9 eb 4c 0d 7b bf 34 33 7a 36 29 6f 81 3b eb 0a b9 66 2c 9a 5a bd ac 11 38 c2 7b 53 b8 c9 60 fb 63 47 2f 05 7b 9d 34 d5 ff a9 6f 91 ba ad 6f 07 cd ae 2d 1a 9b f7 66 45 50 af 40 73 a3 db 65 f5 a7 5e be 95 79 aa a8 13 b8 3d 96
                                                                                        Data Ascii: 3g6,6g<i6}3y:V<HScQ>+L2q<U6 M"0n60G3k3U];Yog>)<\PZ8of(~~3K.<k+bg6i-(9aL{43z6)o;f,Z8{S`cG/{4oo-fEP@se^y=
                                                                                        2023-09-15 03:49:52 UTC1413INData Raw: 3d 6f 18 15 3b 9d ad ec de 34 7f f2 13 53 6e 07 cd 7b 9f 2d 83 3d 2b 6f 15 e3 67 4c e5 e6 99 55 ee 8e 99 20 ba 7d 4f bb 99 ea ec d2 a4 36 6f e9 28 36 7e 28 6e c3 64 13 3b c4 93 13 c6 b8 e2 52 f8 59 e4 e1 3b 7c 4f b2 1e 5a 04 27 f2 48 6d 08 48 bf 77 e6 ba 2d 6d fb 15 2b 6d fe 60 f1 9e 5f a4 ff c3 82 99 b3 6f 98 f2 a5 e4 03 eb 36 37 29 a8 1d 61 07 68 f1 ae 8d e8 23 6b 28 52 6c bf b5 b4 db ad 67 38 da 4f 32 c8 9b 2d 33 c8 88 47 1c 35 48 ee 65 42 f1 84 10 48 b2 5f 24 a8 86 5f 43 c7 bf 27 f2 e1 36 63 ab 33 6b ae 93 5a b8 6c c0 35 a9 3e e1 b9 bf 56 e3 7e 36 a5 98 7b c2 77 12 4b c4 09 98 a1 3e ae 11 de ad ea c8 cd 9f bf 87 83 78 11 35 56 6c 3b f2 f7 7f 2f 62 bc c3 a1 96 d8 87 54 a3 e1 c3 ca f8 b6 1d 79 75 88 5c 6e f2 82 34 55 91 af bd 0d 28 2a 7f 2e 14 c6 ce 5f
                                                                                        Data Ascii: =o;4Sn{-=+ogLU }O6o(6~(nd;RY;|OZ'HmHw-m+m`_o67)ah#k(Rlg8O2-3G5HeBH_$_C'6c3kZl5>V~6{wK>x5Vl;/bTyu\n4U(*._
                                                                                        2023-09-15 03:49:52 UTC1429INData Raw: cc b1 54 e4 b8 c2 67 28 70 c9 6b 98 46 b9 e4 c2 be ae 8c 96 6a b2 e3 11 3c bd 42 98 b4 2e 6e 1f 3b 3d 6e 7f 3c a5 ec af 3c bc 57 9b b8 30 e3 91 bb 7a 6b 80 b8 bb 4f 13 c4 a0 e2 88 39 be e4 12 b9 2d 7e 6e 51 bc 03 87 a0 34 cd 87 ba bb ec af 2c 3e 62 97 3a be 6f 1c 34 f3 90 ec 47 56 68 bb 35 19 4b 91 a7 bd e5 0c 3c 39 70 17 51 94 6f 01 8b 42 e2 4c 9f ad e4 67 04 a5 6f 44 9f 3e 91 03 98 c3 7c 98 b8 0d e4 03 31 bd 35 07 33 b5 e4 02 e8 42 6f c1 3b 79 6b 93 3c 89 4f 1a b8 2e 6e 9e 3b be 6c ee 39 42 fe 51 8a 7a d1 03 b8 a9 d6 0d 79 a5 4f c5 38 01 63 31 b8 ba 6f 65 be f0 2f 11 39 b4 6f 98 79 c8 7f 13 35 d9 4b 13 93 78 ef af fa b9 2d 17 cc 49 ef 97 fa b4 91 56 78 bc 4e 92 ac 3d eb 17 79 bc 6d 38 78 bc 2e 1b 47 f8 7e 9e 7b be 18 a0 b8 96 a2 38 4d c8 cc 93 04 bc 2d
                                                                                        Data Ascii: Tg(pkFj<B.n;=n<<W0zkO9-~nQ4,>b:o4GVh5K<9pQoBLgoD>|153Bo;yk<O.n;l9BQzyO8c1oe/9oy5Kx-IVxN=ym8x.G~{8M-
                                                                                        2023-09-15 03:49:52 UTC1445INData Raw: 00 68 af 18 9a 7c 64 77 79 b6 7d df b3 71 78 83 4c 36 25 e3 78 b6 9d fd 78 b6 f5 e7 79 b6 8d 53 ba 6d 2c 76 b6 7c 38 cf 1c 47 ae 6c 3a bf 2d 4e f7 3d 6d 50 81 df e7 53 be 36 e5 97 f8 bc 2f 00 1c f6 af 03 fe 84 f8 92 ae d5 d2 93 ae 3a 44 92 ae 79 7c 06 7f ae 65 d4 ab 42 62 46 6a ae 3b da ab fa ae 00 1c 5c 66 24 d5 55 66 d6 98 ba 8b 1a 02 ff 6e f1 b1 12 ca e0 b1 b9 86 1a 4f 50 8f 1a 58 5c 66 bd 5f 9d 6e f5 87 5a 66 79 5f b4 30 e0 b1 2b db 13 bf 5b 66 b4 59 b4 73 ad 58 b4 6d 84 59 b4 e4 56 50 ed 87 40 18 51 90 ec e1 7e 2d 12 f0 fe 6e b2 3a 92 cb 98 f2 1d 4f 15 cd 9c 69 a9 e8 9c 69 76 99 bb 64 13 5d c2 63 95 a8 ab b5 51 b9 ff 7c dc f8 bc e4 96 18 1c 2f 12 e8 55 80 f8 be b6 ed 32 ba 55 e4 99 24 1e 7c 05 1a ae 0f 6f 19 ae 05 1a d9 b0 fb 72 b5 44 6f 02 5a fa af
                                                                                        Data Ascii: h|dwy}qxL6%xxySm,v|8Gl:-N=mPS6/:Dy|eBbFj;\f$UfnOPX\f_nZfy_0+[fYsXmYVP@Q~-n:Oiivd]cQ|/U2U$|orDoZ
                                                                                        2023-09-15 03:49:52 UTC1461INData Raw: ae b3 7d 4b b7 a8 4c 0a 9c 85 1f c9 85 9e 2e 88 dd 40 04 b4 c4 5b 35 f5 ef 76 66 36 f6 6d 57 77 b9 2c 6c ac b8 13 cc 0b 32 22 8d 20 1f bd a3 32 92 01 92 73 15 99 6f f2 17 09 50 c3 56 22 7d 13 3b 90 e9 1a 0a d1 a6 5b b8 99 c4 c3 eb a8 85 e8 c6 bd 29 3a 5a d8 18 7b 97 82 6f 6a 4e 8b 4b 5b 0f a0 66 13 a3 c9 6b 01 92 88 24 40 b8 01 9d 41 f0 30 dc 6a dd bd b1 63 d8 c3 80 22 5f 5b 6f e0 46 43 92 d1 07 68 bf 13 29 c1 a3 d8 18 80 ec 99 b8 8b 95 89 29 ba d4 a2 04 bd 3b 6b 10 1a 0a 2a 83 3e 6f 8b f3 9f f7 ba b2 b4 da 13 42 74 7f bd 73 35 30 fc b8 e0 20 55 4c d1 61 7e 61 bd 50 de cc 7f 61 9f 4b e7 6f 01 fb 57 2e 30 ba 7c 03 13 c8 7c b7 64 f9 3d f8 25 b8 6a 28 9d 95 5b 69 b6 b8 bd da d6 04 a6 eb 97 c9 fc 6f 99 a2 d5 35 a8 e3 fe 18 13 50 25 35 7f 61 64 7a 3e b8 f2 71
                                                                                        Data Ascii: }KL.@[5vf6mWw,l2" 2soPV"};[):Z{ojNK[fk$@A0jc"_[oFCh));k*>oBts50 ULa~aPaKoW.0||d=%j([io5P%5adz>q
                                                                                        2023-09-15 03:49:52 UTC1477INData Raw: c8 9b ef 2d ed 0d 43 21 48 81 50 a3 bb 8b 5f 13 88 10 5f 10 90 4d 66 23 fc 1d df 13 28 0d 6f c1 18 8d 2a a3 93 0d 6e 34 c8 bc df 13 92 2d 1f 11 58 cd 6e d3 48 bd 1f 3d f3 4d 6a a3 b9 cd 5f 13 f8 fd df 10 92 88 1f 02 97 4d 69 85 48 ed 5f 3f 98 37 04 23 ad 8d 47 13 48 9e ff e2 a1 8d 4e e3 63 4c 44 63 9a 2d 5e 5f c8 bd 7f e2 b8 8d 6f b9 08 cd 6d 93 48 bd 0f 63 b7 5d 5f 13 12 fd 9f 12 08 4d 79 73 88 97 6f 23 b8 77 3f e3 87 cd 1f 5e 38 57 1f 11 48 bf dd 23 88 b8 6f e0 48 be df 0c 48 0d 47 c9 b8 4d 48 83 09 bd 9e 35 e4 0d 76 e3 ac ef 1f 23 b6 ed f2 e3 b2 1a df 06 96 e8 5f 00 7f 4d 2e 38 08 bc aa a3 b8 7f 42 63 b8 7d 1f 03 88 f5 ef 23 a5 1d b4 d8 88 b1 1f 5f 48 8d 49 a3 48 cd 6a e2 a0 14 9f 10 48 30 5f 10 91 0d 40 35 88 be 09 34 08 bd df 2c a8 61 5f 13 88 90 6f
                                                                                        Data Ascii: -C!HP__Mf#(o*n4-XnH=Mj_MiH_?7#GHNcLDc-^_omHc]_Myso#w?^8WH#oHHGMH5v#_M.8Bc}#_HIHjH0_@54,a_o
                                                                                        2023-09-15 03:49:52 UTC1493INData Raw: 84 b1 52 04 85 a0 52 22 b8 80 29 2e e9 80 06 2e c7 bd 52 9f 85 7e 52 db 85 5a 6f 2e 54 80 65 2d a8 83 79 13 86 a1 51 b5 86 16 51 ae b9 1d dc fc 86 48 51 4d 87 d9 6f 2c d2 82 1f 2c c3 82 f1 13 87 16 50 a4 87 02 50 d4 f8 82 bc 2c 4f 82 90 72 74 bd 67 15 b8 01 cf 13 b2 8d 7f 23 b8 ab 5f 0f 88 9f 5f 3b 88 bd 41 23 8c 8d 55 23 f8 8d 6f 55 88 f1 5f 41 88 e5 5f 13 e6 8d 0b 23 d2 8d 1f 23 b8 cb 5f 6f 88 3f 5f 9b 88 bd e1 23 0a 8d 9f 23 88 8c 4f 63 89 7b 5e 32 98 2a cf 21 b0 5d 5d 33 58 80 cf 20 58 8e 6f 33 8c dd 5b b8 8c 46 5b 11 f3 5d e4 c3 8d 58 5a e8 8d bd 7a 25 93 8b 2a 25 e3 8b 67 a5 8e bb 8f 3e 1e 8a b7 24 30 f9 57 63 d8 95 7f 2a 25 1d db 13 42 84 45 29 e2 87 e5 29 b8 07 55 f9 82 a7 54 59 83 3d 15 28 12 86 b5 28 b2 9d 72 11 d2 9d 72 23 85 da 52 8b 85 bd a2
                                                                                        Data Ascii: RR")..R~RZo.Te-yQQHQMo,,PP,Ortg#__;A#U#oU_A_##_o?_##Oc{^2*!]]3X Xo3[F[]XZz%*%g>$0Wc*%BE))UTY=((rr#R
                                                                                        2023-09-15 03:49:52 UTC1509INData Raw: af 4e ef 12 ac 3d 64 76 38 b4 c1 52 38 bc 72 ce eb d0 47 93 b9 20 3a 93 b3 d1 ef 12 9e 3d 1a ab 38 ba cd 06 38 bc bf 93 b9 5b ef 12 06 00 3c 17 d5 60 af 0a cc 5c 3c 7e 1f bd b0 40 d5 f4 6f 7d b8 d7 2f 13 dd bd 0c 13 cc fd 6e 77 b8 bd 3c 13 d7 bd 1a 13 ca 94 af 10 dd bd 6e 13 eb 7d 6e 74 b8 b7 02 53 b9 d3 2f 1b f5 bd 0e 13 ae cd a9 16 79 b1 06 d3 b3 d3 6f 60 d3 79 6b d4 b6 fb 2f 15 d4 7d 6e 52 be ee 3b 13 c1 fd 7f 71 f8 ba 03 d7 bb f8 6f 13 fb bd 3b 13 f1 bd 20 03 b8 f3 6f 5b f8 be 2e 13 fc a8 2f 12 ea fd 69 5c f8 bc 26 13 ff ea ab 00 6f b4 6e 13 f6 7d 6d 44 f8 a7 3f b8 78 ba 6e 13 ec 7d 6e 58 78 b9 21 d1 a8 97 2b 53 93 fc af 15 b8 fd 67 5a b8 b5 37 13 ed 7f 6d 1b ce db 1a 33 d6 de 1b 72 da ff 63 13 b8 3f 90 13 b8 1e 88 40 d5 0c af 13 b9 74 c5 17 4c ee 02
                                                                                        Data Ascii: N=dv8R8rG :=88[<`\<~@o}/nw<n}ntS/yo`yk/}nR;qo; o[./i\&on}mD?xn}nXx!+SgZ7m3rc?@tL
                                                                                        2023-09-15 03:49:52 UTC1525INData Raw: 47 c8 8b 54 ae 5c 6c 10 bd bd 12 f3 b8 c9 67 ec cd 5d 77 fb 4f d0 ae 33 d8 b3 63 90 dd db 8b 92 74 fd 02 f8 ae d4 7c b2 23 55 6d 03 d9 ae 5c d3 81 f8 8b 66 b8 f4 56 56 64 c9 2b e5 fd 6d 73 12 cc 83 df 4f e8 d8 5c a7 e4 1f 2d a3 b8 34 2a f7 78 ab 4f 81 df 84 3b 0c ed ad 4c 3f 21 da df 42 6d 70 6e 82 d5 59 87 9b 17 bc 6f d1 da a5 6e 73 39 51 3f 83 8b dc 0f e5 b0 eb 87 a5 5a bc 67 9e 2d 49 68 52 d3 ad 41 55 d3 f8 63 f8 a0 3d ef ea 82 c9 7d 93 41 e1 cf 79 38 44 40 67 b0 ed 87 44 78 b1 2b f8 bc 8d e9 eb 32 b5 3f 11 67 b5 e2 8e 08 6c 67 66 b0 34 1a 20 e8 f1 5e 17 d2 bd 5f 5d 7a c1 1a 1b bc 36 97 20 b9 86 97 4a 35 09 6b a6 4c 0d 43 4a 31 83 19 0b da ea 3c 12 e8 55 45 c3 bc 0c e4 15 b8 7b 68 4f ff 34 51 98 be 3d a8 13 92 93 45 13 eb 49 6e 1b 47 a8 af 72 ad 45 90
                                                                                        Data Ascii: GT\lg]wO3ct|#Um\fVVd+msO\-4*xO;L?!BmpnYons9Q?Zg-IhRAUc=}Ay8D@gDx+2?glgf4 ^_]z6 J5kLCJ1<UE{hO4Q=EInGrE
                                                                                        2023-09-15 03:49:52 UTC1541INData Raw: 50 b9 1b 44 38 b0 3f 50 3b f8 97 11 a4 ff 62 90 ed 41 6f 43 47 9d 1a ef 47 c8 97 d6 b5 c9 5b 12 79 b1 1a 3d 3b c0 87 13 cd ad be f8 9e 1c 2e 73 33 0d cf 70 38 ad 6c 0d 33 3d cb d3 ba 7e 71 79 b8 a1 5c c1 e1 4a 9e 98 60 f5 3c 7b 74 fb de 7b 1c b5 db 1f e5 7d 36 2f b9 a0 2a 3a 7e a4 75 d1 a1 a9 6e 52 99 7b 73 43 3b 6a 6f fb 1a c4 af 46 f3 c8 bd d3 d6 31 68 d9 88 e2 31 48 71 3d 24 91 fb 85 e4 17 b5 75 af 17 8b 7d 2f 75 81 bd 2e 11 31 f8 93 1c 3a 17 ec d3 9a bd 26 79 90 e6 ce d3 b9 99 6f 19 e1 30 1b 10 60 d7 67 13 35 f8 a7 43 35 f8 9f 9e b8 c0 a7 43 4b 18 90 06 4c 5c ef 6a 38 d8 97 13 b8 99 2e 15 38 81 2f fb 3d 49 90 ec 19 bc 39 90 98 45 6c 66 a6 1c 6e 05 4e fd 6f 00 ba c8 2f 79 bf 02 87 12 78 a2 e2 66 48 e4 5c d3 4b bd c9 66 97 56 4b 90 40 bf 5b 66 90 fe 2d
                                                                                        Data Ascii: PD8?P;bAoCGG[y=;.s3p8l3=~qy\J`<{t{}6/*:~unR{sC;joF1h1Hq=$u}/u.1:&yo0`g5C5CKL\j8.8/=I9ElfnNo/yxfH\KfVK@[f-
                                                                                        2023-09-15 03:49:52 UTC1557INData Raw: e8 71 87 0b b8 b5 cf 12 47 08 ae 17 b9 ba 3f ec 6f 54 d4 33 bb 7a 8d 15 bb 9c 4f 12 ef ea 07 2b 98 af e4 0e ba 1d 8f 83 47 6e e4 eb 3b 7a f7 10 31 00 ce 10 d9 fb 07 37 d8 be 7f ec 6b be 97 50 ba ea 87 d4 9e 7d 6d 19 78 a8 da cb b8 bf ea e5 b0 b2 eb 8b 18 b5 a9 15 96 fb 6a 30 ba f2 4c 16 35 fa 90 43 35 b5 29 12 e8 3f 64 ec 6b 34 ea 11 6c 1c 6a d3 cc a7 a9 15 83 ad e2 67 be bc ec 16 3b 74 90 83 93 75 6c ea fb bb 20 44 ba bb 24 30 b6 bb 69 1e b2 bb ef 35 3a e2 87 3b 29 73 90 51 97 98 2a 3c 3d 6d a4 b3 bb 18 40 a6 39 bc 87 5e f8 a8 6b 23 34 83 6d 13 88 5d 03 0f d0 e5 ce 3c 9c 4b 6e 97 f2 f8 63 f3 38 3e 0a 19 58 9d 6e 03 f8 80 e2 56 64 ed 4f 7b 06 35 3d 7e 19 8f 30 3a bd 7c 50 cb 9a b5 a6 96 78 b2 fb 3b 79 36 ae 5b 85 69 29 2e 6c 55 59 f0 38 d9 4b 1e 6c fd 64
                                                                                        Data Ascii: qG?oT3zO+Gn;z17kP}mxj0L5C5)?dk4ljg;tul D$0i5:;)sQ*<=m@9^k#4m]<Knc8>XnVdO{5=~0:|Px;y6[i).lUY8Kld
                                                                                        2023-09-15 03:49:52 UTC1573INData Raw: b9 34 da 1b f9 b4 6e 70 ba 2d 3f ec ad 95 4f 02 ee eb 67 11 aa 99 6e 11 d0 3d 8f 15 d2 bf e2 3a da b5 3f 45 f9 60 af 33 f2 42 7a 35 e4 7c 04 f1 b4 84 da b2 b8 b2 eb 01 c1 7d 3f 90 05 5f 7e 1c 3c d1 4e 93 b9 eb e2 96 50 fc 66 79 f8 99 e2 96 59 ab 3f ec 9a b8 e4 2e 6a e5 0f 14 47 6a ce 26 93 7d 6b b0 ba d5 87 c9 45 fc 7c 57 79 ba 67 0a 5c 30 6d 1b be bd 76 b5 b1 dd 90 a6 19 bf 34 70 bb de 6b f7 a9 82 0c 17 2b df 6b 53 af ac 61 42 a3 20 6b 11 28 b9 e4 eb 31 b9 d2 f3 68 bd ec 5e 44 42 84 91 b7 6d 53 d0 33 d8 87 20 5a bd 6f 20 4e 86 91 67 96 42 ea c5 88 8d 6c 15 bf a1 65 14 ad 6c 64 52 bf ff 00 53 bf 86 91 66 20 39 68 09 7d 3f 68 27 18 bd a8 56 44 7d 34 b2 84 90 a3 14 bb 72 68 dd bf 8f 0a 14 47 08 f8 a2 bb 12 68 b2 bf 49 be 97 3d 95 4f 12 1d bd 67 83 bc b5 f6
                                                                                        Data Ascii: 4np-?Ogn=:?E`3Bz5|}?_~<NPfyY?.jGj&}kE|Wyg\0mv4pk+kSaB k(1h^DBmS3 Zo NgBleldRSf 9h}?h'VD}4rhGhI=Og
                                                                                        2023-09-15 03:49:52 UTC1589INData Raw: 9c 2d 3f 1c 3c 48 af 17 d0 85 ff 12 f0 30 ea d3 39 92 90 a5 a9 da 90 45 0e 6c 08 91 d2 b1 6e 66 4b ed 6d 97 a8 66 e4 96 60 0d 4f 9a 3e 5d 3e 23 9a 36 ea cf 0a bd 8b a1 b8 75 7a a1 b8 7d dd 13 74 0d 6f 98 35 49 fe e3 aa 36 fa 13 19 81 e9 d7 ca bc 25 1b 0a bd 1f b2 99 38 63 a1 b8 c9 3a a1 b8 5d dd 10 c0 8f 6d f7 08 bd 38 db 33 00 df d2 af 3b 13 70 bb 0f 6f 04 59 b5 0f 10 09 bd d1 42 34 36 d2 a7 db cf 6e d2 b2 36 ea e3 ca bc 2e 9e 33 a9 d2 fb ca bc 7f 23 30 36 ea 17 91 dc 69 ad 50 cf 6e ff c9 bc e1 07 29 cd 6e 9a 2e 9d 3e 13 3e 99 3e 13 bc 03 83 c3 b9 c9 61 65 a5 3d 6f e8 ba ca 77 90 5a c2 e4 13 62 56 7b 1c 14 7f 68 20 b8 66 09 98 62 7c 87 14 3b bd 8c 6c 53 be e4 4e a4 36 7b 96 68 9f 62 c7 e8 bd 60 bf 68 bd 6c 20 47 db e4 eb 33 7e 6f d2 52 be ec f4 87 96 a8
                                                                                        Data Ascii: -?<H09ElnfKmf`O>]>#6uz}to5I6%8c:]m83;poYB46n6.3#06iPn)n.>>>ae=owZbV{h fb|;lSN6{hb`hl G3~oR
                                                                                        2023-09-15 03:49:52 UTC1605INData Raw: 9c fc 2b 34 bb ec 61 72 30 b1 e6 4d b0 42 b8 1e a9 ba fa 33 bb fd 48 17 b7 38 e4 0a 29 bd 2a eb 98 b7 fe 11 47 c8 97 4f 47 08 4e 17 79 a7 fd 11 d3 4d 6e 98 38 f8 97 2a fd 41 60 96 29 b5 63 7b f0 ac 04 21 ba 30 33 10 bc 65 90 06 28 8c 12 93 ba 2d 6f 1c d4 b7 7d 12 d0 b7 13 60 0b b4 ea da cc 63 06 d7 b2 d2 65 75 b2 79 68 fd 88 b8 0c 19 d6 59 fe 13 d7 b7 09 19 7c 4d 6e 76 b2 05 6c e2 28 0d 66 f8 bc 3e 09 1f b8 b5 ec 75 bc 2d 6e e7 31 bb e4 03 fd 21 e6 55 78 c0 cf 9a fe bd 7b 98 fd 19 e6 55 a0 36 6f 56 10 34 29 0f 3b 7b 4f 14 ca b7 ae 9a 18 9f ec 56 4c b9 54 33 fd 55 60 91 80 2d fe 38 cd bf 8b 93 90 3e 0a f3 b8 d7 7f 13 e0 7c 91 16 31 c8 b3 d2 b8 5b 6a 10 48 d7 6f 9a 21 b4 fd 0c 09 25 ae 15 f5 41 3e 43 f8 34 2a c7 35 f8 bb f2 b3 7a f7 56 60 9d 3f 12 39 b4 1b
                                                                                        Data Ascii: +4ar0MB3H8)*GOGNyMn8*A`)c{!03e(-o}`ceuyhY|Mnvl(f>u-n1!Ux{U6oV4);{OVLT3U`-8>|1[jHo!%A>C4*5zV`?9
                                                                                        2023-09-15 03:49:52 UTC1621INData Raw: f9 df 07 ef d9 ec 1a 1f e0 55 04 2d 09 2e 7d 07 a4 6c 52 6e a8 4d 60 97 ab 3d 6f 75 33 30 6d c3 88 f6 09 98 79 db 98 cb b4 30 fa a2 b8 1c 1c 6e 50 a6 af 93 9b 7f 1b 16 de 84 57 92 b7 d8 af 1b 74 2d 6e fb f7 5d 7e 07 bb 84 6f 6e 64 36 5a 8f a8 ec 02 cf ce e5 bf 86 88 0a 9f 15 54 5d 29 a2 b9 a8 8c 89 30 0f 7b 1f 48 0b 59 98 fd 3f b3 33 b5 4d 98 cb 47 c8 ee 16 2a f8 1f 13 64 ed 7f d7 50 f4 bf 11 bd 5e 1b 1e 9c 08 47 79 b3 e3 84 91 c7 2d 76 ec 6e 84 d2 d7 58 bc e9 65 38 c6 ac 16 de 36 ea ab b8 ad 62 92 b2 30 ee 13 28 b9 ae 43 50 9c 5e 75 be 8f e4 96 b9 be f6 15 3d 7d b6 13 b9 42 da 72 b9 4f 69 ca 58 fe 9d 15 54 c9 ff 31 be f9 68 37 7d ba df ac 59 00 1c 30 80 4f 78 e1 57 9e 57 5f 04 3c f1 d2 98 24 54 d2 cd 8a 6f 22 cd 8f 6f 98 fd a9 ec fb b8 c9 49 13 f0 c9 76
                                                                                        Data Ascii: U-.}lRnM`=ou30my0nPWt-n]~ond6ZT])0{HY?3MG*dP^Gy-vnXe86b0(CP^u=}BrOiXT1h7}Y0OxWW_<$To"oIv
                                                                                        2023-09-15 03:49:52 UTC1637INData Raw: ee d7 7b fb a2 8c 65 d0 9f b3 ef 4b bc 34 37 1b 31 e5 43 1d b8 4e 1b 5f 33 f8 63 40 79 a5 8f 10 e8 8d 61 83 b6 55 c5 9d 1d df 61 26 d8 b3 b8 72 9b b9 61 d3 bb b5 a8 13 a4 d5 61 d0 cc a8 56 19 e5 de 61 5c db b3 fc 67 47 42 47 f8 bd 06 fe 1e e6 5b 61 98 7b e7 30 e3 b5 e6 97 1e 69 82 7f 73 86 8f 7a a3 9f b1 3f 39 92 9c 5c 98 e9 91 6f 38 e9 95 ae f9 bc 86 ad 13 cf a9 e4 5a 90 eb ae f3 d8 b9 e2 67 b0 4d fe 66 18 3f 84 c2 f8 eb 2f f8 bd cf 7f 4c d8 9e 0e 38 10 84 e7 8b e8 b1 1b 92 fe b1 4d 95 b8 f5 7f fb ec 45 90 ec 7a bf 67 37 ac f6 50 10 b8 3e 83 11 9c 7d 62 28 fd ad 1a 14 8b 15 af fa 02 9d 67 45 98 b2 a9 90 d4 e1 56 66 98 9e fe 48 2b 9f 7f 40 ad ea e6 70 ad ff b4 62 db 30 12 c3 f9 e1 2a 92 b8 5d ee 13 35 f8 bf 43 aa b1 67 98 73 34 df 7b cd 6d e6 66 b0 5d 87
                                                                                        Data Ascii: {eK471CN_3c@yaUa&raaVa\gGBG[a{0isz?9\o8ZgMf?/L8MEzg7P>}b(gEVfH+@pb0*]5Cgs4{mf]
                                                                                        2023-09-15 03:49:52 UTC1653INData Raw: d2 bd 2e 1a 3a 92 5b ec 47 7c 6e a9 78 bc 2e 17 77 55 6d 56 38 9d 3c ec ad e9 7f 42 8e d0 af 3e fe 95 3a 50 b7 3d 34 03 31 fd 6c 98 ff a9 e6 50 3b e6 4c 1b b8 3e 0c 97 e3 36 22 e7 e3 f5 0b 9a b5 7d 60 13 71 bd 2f 98 f8 f9 4b 17 31 fc 7f 93 b9 b5 cf 9a f9 a9 ec 9a 39 ac 67 45 ed ef 79 57 ed 50 0c 56 ed 4d cf 77 92 a8 6c 1c 97 b9 60 a3 bb b2 62 1c 0e 11 e8 3f 49 d2 dc 14 88 19 68 61 1f ba 39 3e 07 ba ca 14 89 19 68 27 1f ba 41 58 07 ba ca 14 91 19 68 e5 da 1b 68 35 d3 82 e8 36 3f a4 cb 7b 00 1e 68 33 3f 41 36 35 3f 4a ba 2e 3f f9 7f 33 fc ad 1c a2 fd ad d8 94 ae a2 77 b6 bf 96 cb 14 e2 88 68 0b 90 02 68 b6 bf 8f cb 14 4f e7 0e b5 bf 92 d0 14 1d ba 4e b7 bf 04 de b6 bf 0a e8 0b 07 ba ca 14 9a 19 68 49 c3 1a 68 09 07 ba ca 14 9b 19 68 2e 95 1a 68 0f 07 ba ca
                                                                                        Data Ascii: .:[G|nx.wUmV8<B>:P=41lP;L>6"}`q/K19gEyWPVMwl`b?Iha9>h'AXhh56?{h3?A65?J.?3whhONhIhh.h
                                                                                        2023-09-15 03:49:52 UTC1669INData Raw: fd 65 65 19 08 bd 64 93 ba 36 a4 43 50 b1 01 ca 98 95 2c 05 50 63 b7 ed b8 42 30 98 f5 49 e4 d0 e6 b5 0b 9a b5 2d 64 13 71 7e 89 43 b5 e8 02 e6 88 bd 90 23 b8 ad 3f 1d ed d0 76 23 b8 f4 5f 13 61 e8 57 13 90 8d 6f 27 88 bd 6a f3 af e5 1a 63 b8 d5 57 13 c0 c9 6e 2c b8 8a 6f df f5 c9 6b f6 88 bd be 53 f1 a9 ae 45 50 f9 0d a8 b8 99 b7 20 78 5d 39 97 b2 39 af 1b ee 6d 4b 75 33 fb 6d 53 ef ed 87 05 1f 43 9f 1e e1 9d 1b 1e 33 f3 6b 43 28 d8 e4 53 bb be ae f8 d9 36 8f 6e 47 bd 84 40 83 c8 63 67 e4 8e 2d d3 19 bf 3f fb 54 1b fc 11 a4 2d 39 9e fd b5 0e 0a cc 0d 1e 7d b8 b5 56 56 b4 cf 6b 98 48 bd 84 0d 33 43 84 09 de 3e 4f 6d ba bb 1a 00 c8 da 74 98 ba fa df 76 cc bb e4 28 bb 45 6a c3 f2 42 de 08 cc bb 6d 28 cb ed 67 66 10 8e 3f bd e3 5f ef d4 b8 56 9a 20 78 fd eb
                                                                                        Data Ascii: eed6CP,PcB0I-dq~C#?v#_aWo'jcWn,okSEP x]99mKu3mSC3kC(S6nG@cg-?T-9}VVkH3C>Omtv(EjBm(gf?_V x
                                                                                        2023-09-15 03:49:52 UTC1685INData Raw: 53 be 2f 9a fe e1 ec 6d 80 1d 74 69 d1 5f 7d 4d e1 ac 15 ea 9a 86 af 3f 49 9d 5c ec 81 c3 2f a3 1c f3 57 1b 47 cb 33 51 95 84 29 53 cd 9d 5b 2a c6 81 1a 33 0f 56 42 10 9b b8 0f da 33 ac e2 6e 40 ea c7 9e c5 41 9f 0f e4 3d 4c 1f 08 ad 9f 1e 33 f3 53 b6 a9 f5 7e a3 b5 5c 66 45 e8 3d 6c 62 b8 f5 6f 02 41 2f 1c 67 32 80 7d 1c a1 3f 6e 5b cd ac 38 14 9a ad af 12 60 56 60 19 b9 c8 a8 f6 38 be 3c 91 30 c9 d3 62 ac 5c 35 91 b3 bc 4e 39 8b 66 56 4d f8 ea 60 17 3c af 3f b1 81 e3 53 1c 3c b3 66 93 b8 2d 68 43 ae f9 60 91 1a bc 1e 39 fe 81 e4 6d f8 86 17 d9 b0 3d 50 53 38 6b 2f f8 88 77 8c 3a ac 9d 2a 60 ae 8d 2f 9c 53 96 e4 13 fe fd 09 90 c0 bf 69 66 3a 84 af 0f 83 7e 60 97 06 6c 6c 83 f8 b9 54 d0 a8 ef 31 03 28 aa 8f 5d 84 36 66 10 69 73 cf 11 8e a5 6d 53 b9 bb 21
                                                                                        Data Ascii: S/mti_}M?I\/WG3Q)S[*3VB3n@A=L3S~\fE=lboA/g2}?n[8`V`8<0b\5N9fVM`<?S<f-hC`9m=PS8k/w:*`/Sif:~`llT1(]6fismS!
                                                                                        2023-09-15 03:49:52 UTC1701INData Raw: 1a 02 4f 67 31 fb 7f 29 b9 16 5f 12 b8 3e ab 03 81 c3 7f 9a fe ad 7b 1c 3c 68 5f 10 83 7a 60 57 3c 70 1f 13 81 c3 4f 03 bf b2 53 95 6b ac d5 d2 bd 39 69 a2 6e f0 93 9e 59 bd 97 c3 16 fd 4a 1c 3c 60 4e 11 cb 8e 6e e3 60 28 af 03 26 1d 6e b3 9a b2 bb 97 7a 1a 6e df 18 bc ab c3 a6 1d 6e 79 f0 1c 6e b4 1f bc 87 41 64 3c f5 9e ec e8 9b e3 b9 89 9e 12 3f 4d 6e 1c b8 0a 2a eb 33 f3 7f 98 ed 0d 93 9a ac 3c ef a5 79 bf 83 66 bc ba f9 15 f9 d9 4f 70 50 36 22 ff 47 b9 1a f7 d8 ad 1a e3 47 c8 9b 3b 47 ed 77 63 b9 82 4c 17 ac 36 67 46 54 fa 5f 17 83 c3 4f 1c 14 3f 42 83 f8 99 62 c7 58 be 2b 23 ab 9d 52 98 b6 36 6e c0 f2 eb 43 52 a9 b7 e6 55 90 54 a2 b1 b7 b9 53 f8 5d 70 6e 73 b3 4d 6e a1 a6 54 c7 16 da b1 bb 63 26 36 96 f8 d2 36 6f 14 35 f0 b7 42 35 f0 bf 86 88 bd b3
                                                                                        Data Ascii: Og1)_>{<h_z`W<pOSk9inYJ<`Nn`(&nznnynAd<?Mn*3<yfOpP6"GG;GwcL6gFT_O?BbX+#R6nCRUTS]pnsMnTc&66o5B5
                                                                                        2023-09-15 03:49:52 UTC1717INData Raw: 48 7c 35 e3 36 36 9e 43 fb 62 1c 39 5c d5 5f 13 d8 30 e9 d2 93 dd 31 56 ba 6a cf 13 29 09 df 3f 88 0f 2b 3b 4c bd 9f 2f ca 88 df 4a e6 74 3b 7c 58 9b 8e 64 8b b5 b4 2a 26 7c cf 67 b1 55 1b 76 1a 8b 1b b3 7a 56 06 73 d2 9f 0d 40 9c 42 d9 92 9d 02 3f 73 c0 42 d9 2a 89 b2 e4 dc 88 bc 7e 10 78 f1 39 fb fa 07 4f 51 3c 7d 1a 39 53 bf e4 4b 77 42 d9 d2 a8 24 6d 83 2a bf 1b e5 b6 29 6d f3 b0 1b 4f 40 bc f0 4d 1a 69 7b 6e 72 fd 84 12 1b 33 64 60 97 6a 30 0e 64 33 88 fe 1d ef 58 67 e2 b5 a8 fe 4b 6e 8f 55 ae 89 bc 1a 03 de bf a8 d1 b9 93 6f 75 31 00 95 1c 38 bd 9c 7c e9 cf 5e 60 ef ea 90 a0 41 1c b0 ec 6e c6 6e 0b bd 7d 7c 72 cd a5 7c 54 4a bd 4f 09 ab 02 31 67 bc 3d 8c 01 33 ce 6b 43 b9 c0 1c d3 2d 7d 30 d4 b3 2e 9e 07 58 a9 87 3c ba 8e 1a 53 db e4 c8 03 e1 df 37
                                                                                        Data Ascii: H|566Cb9\_01Vj)?+;L/Jt;|Xd*&|gUvzVs@B?sB*~x9OQ<}9SKwB$m*)mO@Mi{nr3d`j0d3XgKnUou18|^`Ann}|r|TJO1g=3kC-}0.X<S7
                                                                                        2023-09-15 03:49:52 UTC1733INData Raw: 7b bd 05 0f 8b 6f 36 e4 49 db 6f 90 dd b7 6f 9a c5 49 e6 17 e5 45 6f 7e 35 f9 77 f7 83 bd b7 9a fd 41 1c 29 33 f8 6d ef b9 99 f6 4a 4f 44 90 66 b8 b1 90 66 b0 24 44 d1 33 bd 97 c2 47 d6 90 0f bb 46 6f 98 77 55 2b a9 47 42 ea 13 78 c0 6a 9a c5 41 84 16 b8 c3 57 9e e7 a1 54 4e 44 9d 1d da 33 c0 9b 13 96 36 22 91 44 bd 5e 9a f5 49 87 0e ba 9b 4f 79 a4 e4 1a 3a b9 ec 2a eb b8 24 98 ea f0 34 28 1b 8b bd af 53 51 35 6f 13 b8 36 69 d4 b8 ae 6c 20 33 f0 9b 5b 31 ad 2e 1b 53 59 ee 5c be 8e bd 27 4f 4c ed 37 40 3d 4b 12 f5 e1 67 03 5c 55 a0 aa ba 87 69 90 f7 ed 67 ec 53 f7 6e 1c 73 3d 61 fb 8a 05 6d 18 c6 b2 6d 0f bc d1 27 f8 fe 9a 6d 0c b8 fa 67 fb 2f be 7f 17 b8 8e a6 f8 bb d7 91 4a 33 b9 2a e7 3b 87 31 e4 46 be ae 32 3a fb 30 4d e3 74 6f 86 ee d7 ef 1f 33 4c 87
                                                                                        Data Ascii: {o6IooIEo~5wA)3mJODff$D3GFowU+GBxjAWTND36"D^IOy:*$4(SQ5o6il 3[1.SY\'OL7@=Kg\UigSns=amm'mg/J3*;1F2:0Mto3L
                                                                                        2023-09-15 03:49:52 UTC1749INData Raw: 54 3e 6b ff ac bc 4e 40 ee ea e4 e2 b8 c8 68 20 71 34 22 ef 53 fd 63 98 76 55 99 e0 39 71 93 1f 33 75 ef de b8 fb 5c c1 93 7f 6f 67 84 f5 1b 1a f0 c8 3e 13 35 c1 a0 17 53 f6 60 a4 b8 a2 ec d4 bc 86 31 03 31 bf 32 93 70 ee e2 5d b4 55 fd 19 40 be e2 25 39 75 29 1f d2 bd 67 40 ef ed 6f 36 5f 57 90 ec b8 56 76 75 31 b2 ec d4 ba ad 3d 75 31 aa 6f 1e e9 fa 28 37 e8 ea 6f 1e a7 56 ef 70 40 8e 2f c8 81 e0 93 9a e5 7d 0d e2 2d bc 3a 5d 78 df b6 d2 da f1 b6 d1 da 37 22 d3 da 76 a9 71 b7 39 ee d3 ba 3d 26 67 a4 f4 60 96 0d fc 6a 19 b6 7e 3e 57 78 ec 87 9e 84 fa 4b fa 18 bd 6a ec 8e 7f 05 11 56 b8 6c 37 1d 7f 66 98 ed 51 ec 76 b8 45 6f 20 78 fd bc f3 35 b9 2b 03 38 b6 ea d3 ce 95 5c 13 78 b2 d8 1c 33 e0 9f 9a bc b1 ec 93 aa 66 2c c0 5b fa 2f 54 47 f8 97 1c 0f 7d f0
                                                                                        Data Ascii: T>kN@h q4"ScvU9q3u\og>5S`112p]U@%9u)g@o6_WVvu1=u1o(7oVp@/}-:]x7"vq9=&g`j~>WxKjVl7fQvEo x5+8\x3f,[/TG}
                                                                                        2023-09-15 03:49:52 UTC1765INData Raw: d8 df b7 b1 fd ad 61 4d 3b 8a cf 4c 58 98 e4 5e a8 34 69 9d 79 c6 6f 64 a4 db e6 9d f8 ac ee 02 f5 9d e6 d1 9c d7 6f 9a da 33 4e 65 33 f0 77 33 9e bc 2f 9a aa 33 4e 37 35 33 0e 3f 50 15 db a6 9a 9e 4c d0 9e d7 6e 34 d8 b9 7b 70 9f 11 87 99 1b be 6d 09 b2 7c 77 52 b8 94 2e 13 d3 e0 ad 0f b8 36 6d 98 81 9c ef 86 c4 95 e4 82 79 b2 60 bc ba 2c 4e 1d bb 6d 56 47 9c b5 e7 6e ab db 6e 7b de 86 ee d2 a9 e3 1a 51 b0 dd 1d b2 ea 7d 6d 2e 1a f6 be 13 cb a4 39 20 4e 36 a7 55 b8 3e 8e 0c 6b 5b ae fb bd 8d ea 27 3a e3 cc 1e f9 b8 6b 13 b8 ee 39 44 8b 66 e4 ea 8b bd 99 ec 8c 0a 87 4a 5d 43 2f ec bb 65 29 92 46 1c 18 4a a8 cf 83 4c e6 5d 13 d0 33 7c 2f 98 f4 99 6b 92 41 bc 65 60 b8 a2 e4 c2 79 57 6a 9e bc b5 ff 20 6a fd 65 51 6b 5f ec 13 c4 99 67 13 cc b9 66 03 78 56 6b
                                                                                        Data Ascii: aM;LX^4iyodo3Ne3w3/3N753?PLn4{pm|wR.6my`,NmVGnn{Q}m.9 N6U>k[':k9DfJ]C/e)FJL]3|/kAe`yWj jeQk_gfxVk
                                                                                        2023-09-15 03:49:52 UTC1781INData Raw: b0 96 ce 96 58 a0 39 44 b8 36 13 37 a8 38 90 98 49 bd 1b 39 47 cb 67 fb 1e 92 6f ef 47 e4 e4 1c 83 7c 1c 93 ba 36 a7 90 c4 99 63 53 79 65 1b 03 e9 bc 77 d2 bb 83 af 10 d8 3c 6c 13 b1 5c 1e 1b 33 f3 67 38 f6 2d 6b 9a b0 e2 23 2d 07 5d d0 4d 1f 02 31 bf e6 af 51 da 42 bc 70 cb bb a2 55 d7 bb a2 cb 15 a7 9d 66 42 fc f5 6b 13 eb eb e2 63 b0 ea e2 2f b8 b3 54 e4 cb 95 e4 4e b0 9c 4f 5d ab 30 22 1b 19 e7 90 01 b0 39 af 67 e9 b4 e6 15 b7 0b 6f 55 bc 30 1b 23 b1 3e 89 33 44 86 98 61 63 cd 36 4d e3 6b 32 13 88 0d 4d e6 36 9c 7f 73 a4 32 4e ae 33 9c a5 c3 b1 32 4e 9c 99 3e 4e a3 37 9c 47 15 b8 15 ed 32 50 39 4e c7 38 26 ea 32 3b f6 66 90 f3 fc 27 42 b4 0d 4d 13 bc be b9 28 7a ce 61 1c b0 0b 1f 17 b8 9c 66 90 58 41 8e c3 b9 84 3e 1b e6 6c 4f 12 e4 2d 64 5a a1 9d e4
                                                                                        Data Ascii: X9D678I9GgoG|6cSyew<l\3g8-k#-]M1QBpUfBkc/TNO]0"9goU0#>3Dac6Mk2M6s2N32N>N7G2P9N8&2;f'BM(zafXA>lO-dZ
                                                                                        2023-09-15 03:49:52 UTC1797INData Raw: 97 85 16 c5 dc 82 6d 21 ba f9 57 11 30 82 6d 21 ba 17 0d a7 bf d0 db 14 c0 05 68 bf 87 be da 21 bb 30 5b 10 2d 09 6d a2 b5 5d d0 11 25 0f 6d ae 88 bf 9d 05 00 bf 63 dc 07 bf 3a 22 ba 64 1b 16 59 09 67 fa 00 b5 57 58 87 be 5d 10 45 89 6c 16 01 8e 6c 5a ed c9 6f 2c cc bd 5a 67 b8 9c 1b 13 b5 08 1b 13 93 c9 6f 04 c8 bd 5e 15 b1 0d 6f a5 d4 82 69 21 be e0 5f 11 09 bd 0a 27 bb 2b 02 63 b8 cc 63 66 cc bd 6a a9 cb bd c5 e8 4c bd 9e 67 b8 06 1b 13 09 c9 6f b9 7d c9 6f dc cc bd 10 67 b8 34 1b 13 12 20 1b 13 2b c9 6f b4 cc bd 8e 67 b8 57 b6 67 b8 54 5b 18 ab 4c 06 2c b3 8f 64 a5 a1 8d 66 a2 b8 9c 1f 13 89 b6 46 67 b8 17 3e 67 b8 fa 1b 13 85 c9 6f 20 cc bd f5 48 cc bd 0a 63 b8 c8 7e 97 68 82 69 46 89 bb 18 27 be c2 5b 10 3f c9 7f 9c e3 09 6c a2 e2 55 d0 10 0a be cc
                                                                                        Data Ascii: m!W0m!h!0[-m]%mc:"dYgWX]EllZo,Zgo^oi!_'+ccfjLgo}og4 +ogWgT[L,dfFg>go Hc~hiF'[?lU
                                                                                        2023-09-15 03:49:53 UTC1813INData Raw: b8 bc 0e 16 b8 66 5f cc 88 5e 5f 13 5f 8d 84 23 57 8d 9c 23 b8 4a 5f e8 88 42 5f 10 89 bd 68 22 b3 8c 60 22 ab 8c 6f 04 89 a6 5e 0c 89 9e 5e 13 9f 8c 44 22 97 8c 5c 22 b8 8a 5e 83 8c 02 5b fe 8d 95 3d 25 13 6d fa 1c c8 8d d8 24 98 c4 57 84 80 53 9f 0b 88 84 65 2b 08 d6 3f 23 17 e2 56 75 81 b7 02 a3 16 c3 df 9e 12 84 d4 2a b0 72 56 c6 88 30 8c 2a 52 84 6d e2 08 ac 66 29 b6 87 79 29 90 96 55 21 48 31 2c a3 d4 d6 55 13 c9 87 e4 29 29 87 f4 29 1a 9e 1f 75 e8 86 39 03 de c4 5f 76 ba 3b 5f 77 16 86 ab 28 72 86 ef c3 83 6b 54 33 84 9b ff 70 b8 1f 53 fa 84 18 52 1a 86 bd 2e 2d 57 83 74 2c 20 82 ef 8c 87 18 50 aa 87 02 bd 1d 90 bc 6f ff ca 38 70 e3 ee f2 5f 13 ed 8d 34 23 d1 8d 00 23 b0 28 5f d6 48 b1 4f 22 9e 8c 6f 22 89 36 5e bc 89 08 5e 1b 47 8c 2d 23 f7 e9 5d
                                                                                        Data Ascii: f_^__#W#J_B_h"`"o^^D"\"^[=%m$WSe+?#Vu*rV0*Rmf)y)U!H1,U)))u9_v;_w(rkT3pSR.-Wt, Po8p_4##(_HO"o"6^^G-#]
                                                                                        2023-09-15 03:49:53 UTC1829INData Raw: df 8d 6e 42 a9 4c 1a 71 2d 4c 1a c2 b8 7f 81 0f 4b af be 11 4f af 0b e0 aa 8c 61 b1 9b fe 4f 88 18 bd ea ec 33 4c 7e 45 b7 31 eb 3f d8 e1 0d 08 b7 39 4e b3 b8 a9 ec 6b a9 a9 78 81 b8 f9 6f 1c bc 39 62 f2 b9 f5 47 98 e8 91 3d 43 f8 ae 5f 43 a8 e8 43 d3 30 8d 27 fb 0c 15 ef 12 b0 36 df 53 e0 ad 67 98 f8 b1 1f 12 a4 36 60 7e 98 b8 47 13 e0 1d 5a 1b b8 d2 1f 11 90 8e 4f 73 49 ff 38 1f 5b ff 5f 17 f4 ed 2b fb 90 1d 41 98 c0 b5 8c 10 d0 af 63 83 af 86 b0 96 bd c8 49 2a 98 d1 4b 33 cd a3 ce 38 33 bb 6e 82 83 a5 3c 46 ef ef e4 43 ac 95 3e 22 e9 ec 3e 3b 53 c7 54 1b 67 c3 66 83 9b ad 05 17 e8 b9 84 14 99 ff 05 10 e9 42 7a 15 10 6d 7e 23 ca 36 2d 33 e8 36 97 dd 50 ef 3e 15 e8 b8 0e 07 78 ae cf 14 d8 e1 3f fb a5 9f 0f 18 99 bf 2b 96 d8 bc 43 83 bf d5 4f 13 74 2c 19
                                                                                        Data Ascii: nBLq-LKOaO3L~E1?9Nkxo9bG=C_CC0'6Sg6`~GZOsI8[_+AcI*K383n<FC>">;STgfBzm~#6-36P>x?+COt,
                                                                                        2023-09-15 03:49:53 UTC1845INData Raw: d8 e2 54 c2 a3 74 4c d9 f0 34 61 4c 90 3d d7 03 d8 a8 87 11 5e 5d 7d b2 38 7a 6a 03 8b 9d ab 9a 3c 99 63 53 ba ee e4 3b 24 99 77 f3 b8 eb 8f 37 33 4c 6e d3 87 a9 e6 6f 9c ad 87 9e bd bc 55 c8 d8 8a 63 66 bf 8e af 97 51 18 6e 51 78 c9 73 9e b8 bf 4f 43 33 73 87 6d 78 be e4 53 98 b5 54 eb c5 bf 8f 51 c4 99 2f 1f b8 c8 8b 7b 58 1d d0 40 a0 42 7a 83 7a 86 ee 56 63 c9 03 13 ed ee 38 9e f4 99 4b 79 98 bc 3e ec ad 31 6f 10 eb 36 3f fb 47 a8 f3 91 86 a9 8f 1b 9e be 8d 55 78 b1 7f 67 f8 30 3b 37 ac ad 3d 73 ba 9f 0e 18 40 84 00 13 b0 c2 7d 98 bf 36 3f 17 b9 5d 68 0f e9 36 a0 ec 6a 39 67 d3 cd b4 0f 1e a8 bd 1a c7 f8 56 7d 98 f4 99 77 d2 bb b1 e4 51 bb 3c 23 4e 58 9b 7f 98 34 1f 76 13 e7 e3 34 20 74 55 81 24 88 b9 6f 92 7c bc 70 dd fb 71 3e 91 eb 7d 08 ea 8b 50 87
                                                                                        Data Ascii: TtL4aL=^]}8zj<cS;$w73LnoUcfQnQxsOC3smxSTQ/{X@BzzVc8Ky>1o6?GUxg0;7=s@}6?]h6j9gV}wQ<#NX4v4 tU$o|pq>}P
                                                                                        2023-09-15 03:49:53 UTC1861INData Raw: a7 b2 57 d2 2b fd 65 1b a8 ef 3f 98 30 7c 66 ec e9 a5 e8 d3 a7 7a 67 d1 a7 3e 11 07 dc e4 75 01 b6 3c 3f 98 ee fd 3d 41 b0 eb 43 fb 11 fd ef 15 e0 ad 6b 4b 3b 79 79 07 fa a3 8e 00 32 1d 79 97 78 c9 cd 18 78 81 87 0f 45 7c 5d 1b f4 b1 63 25 f5 fc 63 f0 83 ad e5 85 08 dc 4d 5b a8 8e a6 d4 ba 98 6e 13 3c bd bd 1c 2d 7c ec d2 dd 34 59 5d 5b b3 82 0a dd 44 76 94 e2 cf 7b 43 33 ab 05 ec 79 e7 13 d0 e2 ed e4 d2 f6 3e 3b 08 5b b9 39 9a f0 df 3a bf fe 9d 86 47 3c e0 63 f3 f5 ba af 33 b5 1d 69 17 98 b9 4c 15 93 7c e4 5f b8 99 7f 28 70 cb 6d 98 70 15 e4 85 f8 bd 6a 42 b9 bf e2 d3 a6 3d 3f 42 ee 7a 2b 37 a0 9c 77 08 98 e1 ef 20 a0 fe 69 b3 a3 be a7 9a 6f ff 6e 18 80 5f 76 44 b8 a7 09 0c a2 bf 75 bb a1 36 61 12 a2 fc 6c 09 ae 5e 07 bf 8b 7d ef 6c 1b a7 7a d2 a1 fb 6f
                                                                                        Data Ascii: W+e?0|fzg>u<?=ACkK;yy2yxxE|]c%cM[n<-|4Y][Dv{C3y>;[9:G<c3iL|_(pmpjB=?Bz+7w ion_vDu6al^}lzo
                                                                                        2023-09-15 03:49:53 UTC1872INData Raw: ad bd 87 9e 44 42 90 45 50 7a 6e 53 b9 8e b4 45 31 e2 63 fb ba 21 4f 65 30 fa 7f 9a e7 a9 77 9a e7 a5 cf 06 78 c1 55 d0 cc bd 6a 2b e6 fd 1a 1a 30 e3 ef 4b 30 e3 36 9b e6 e7 4f 11 f8 c5 57 4d f9 c9 7e f0 a4 8d 66 f1 a4 42 7e 12 22 c3 0b 10 cc 9d 60 d5 fe e5 6e 30 bd 34 31 13 cc 56 75 2a e6 c9 1b 15 b8 7b 29 4a b9 56 60 2b e6 ff 3f 52 b9 e7 6e f8 bc 3c 6b 2b b8 e3 37 67 aa eb 87 f4 d4 b0 6f 1b 2e bc 4f 53 b0 34 38 07 80 95 31 49 cd fd 61 4a d9 be a4 4b 9f dd 6c 91 9b dc 6c 54 a0 5d 61 66 95 ad e5 54 a8 eb ef 03 b2 55 d2 91 ea 5f 6d f8 b6 55 2c 5f 58 9d 63 fb 05 dd cb 13 36 37 21 49 e9 ad 39 fb f8 fc ed 12 ee 55 18 d3 86 bd 6f 99 3e 74 0c 5e 58 bb 2f 03 33 ab 39 d4 fa 7c 22 13 79 5c 5d f8 af 37 e9 db b9 2b 2f 10 b0 ba 87 f9 78 a4 84 16 50 2e 7d 39 38 be e1
                                                                                        Data Ascii: DBEPznSE1c!Oe0wxUj+0K06OWM~fB~"`n041Vu*{)JV`+?Rn<k+7go.OS481IaJKllT]afTU_mU,_Xc67!I9Uo>t^X/39|"y\]7+/xP.}98
                                                                                        2023-09-15 03:49:53 UTC1888INData Raw: e9 4c 7a 0b a4 36 3e e2 ad 6d 38 0b 33 f4 74 e2 ad cc d2 2b 18 9c 5e 6c 8c 36 5e 53 33 81 b9 9e 8c 6b af 5d 8c b9 e4 65 c9 00 57 98 c9 b9 e4 13 f1 b5 e4 2f 2e 36 43 82 29 1d 6d 2f 33 b7 9e 04 eb e1 6e 04 c2 a0 bc 48 a8 8d 3e 12 98 8f 3e c3 b4 a2 cf 99 ed bd 28 56 88 b9 7b 52 9a e8 ad 40 e4 3d 6c 3f d9 9f 4f 93 c2 3e 0f d5 bb 36 53 8c 99 b7 af 13 bb f7 53 d2 af 95 bf 13 84 7c df 5b ac 8b f5 d2 ab fd 6a 2f d9 ac 5d 08 35 a1 2f 39 32 a1 6c 9b e1 cd 77 29 9b 3f 6f 72 a9 81 6c c0 39 bf e5 07 ce bf 6f 45 16 bf 92 b6 ba dc 12 b0 ba 85 3a b1 ba 42 ca 11 80 19 6d 4d 1d bf 31 26 14 bf 39 b4 ba be ff 14 7a bf 71 99 7c a1 68 92 ef 35 31 12 49 a5 2f 11 b6 bf 1e 66 48 b1 4e 0d a8 b2 ea e6 1f fd d1 41 81 59 7f e5 fb 1d 71 64 1a 65 87 04 32 e0 de 76 a4 6c 58 c3 b7 6d 7e
                                                                                        Data Ascii: Lz6>m83t+^l6^S3k]eW/.6C)m/3nH>>(V{R@=l?O>6SS|[j/]5/92lw)?orl9oE:BmM1&9zq|h51I/fHNAYqde2vlXm~
                                                                                        2023-09-15 03:49:53 UTC1904INData Raw: a3 bd 39 8a 4f c6 67 44 33 04 6e f1 8d d6 73 98 f1 a1 ae f6 3a be ff 5c 90 36 9f 98 7f 0d 6e 12 99 88 77 1c 17 68 d4 13 7e 34 2b 37 9c 24 44 d1 bc 6c 97 13 38 9d e4 d5 b7 12 6f d6 e8 ec 38 98 c4 99 2b 13 ef 55 b9 13 b8 bd e4 50 b8 b1 ec d7 a8 38 af d4 fc 39 4b 0f b8 85 6f 1c 36 09 6e 47 b8 e9 4b 2f 31 c1 4b 23 31 bd 3b 37 80 36 2b 37 80 8e 6f c8 3d 50 e4 1b 31 f1 4b 93 a8 cb 0f 9a d4 99 7b 13 9e 3d 77 20 55 38 af 6d 92 bd fd 11 88 bd dd 2f 33 ba 6c d0 3d bd 99 6d b4 36 a1 20 6a 37 ef 03 bb 57 2f 5a cd 4b 6f 59 98 81 ec d4 bc f5 6e 0c cd 63 66 13 b5 9d e4 13 f9 be aa 10 66 fd f6 e4 c4 99 4b 52 b9 f2 e7 07 f9 42 6f 0b ac bc 4c 07 cd 15 3f 98 d4 99 47 13 9b a5 6f 6c 80 bd e4 4f 9c 8d ec d1 bc 30 63 17 35 bc f8 11 31 e9 4b 27 bb af b7 13 96 a1 e6 13 a3 36 25
                                                                                        Data Ascii: 9OgD3ns:\6nwh~4+7$Dl8o8+UP89Ko6nGK/1K#1;76+7o=P1K{=w U8m/3l=m6 j7W/ZKoYncffKRBoL?GolO0c51K'6%
                                                                                        2023-09-15 03:49:53 UTC1920INData Raw: d8 bc 5b c2 d1 86 a5 67 a2 91 2d 10 9e 5d 6d 53 b9 a2 e4 5a b8 c9 e6 47 9c b9 e6 5f 9c ed 6f cc d4 99 3e 7f b8 4c 6f c9 bc c9 4b 12 8f 7e b6 16 68 5a 42 22 37 b5 99 77 49 ba 75 e7 b2 af e4 b3 f0 b5 99 d6 b9 ac 64 7f aa b6 01 77 a4 b6 90 11 43 bf 07 ec ba 4c 6d 08 bd 49 6d 00 4c bf 64 99 f0 d1 eb ad 71 b2 69 ec ba 40 6d 1f be 42 74 0e 47 a6 7e eb b9 3e af 33 47 9a af 67 99 c8 9b 12 a1 4d 75 33 e8 ba 4f 21 68 a5 64 93 3b 7d 35 9a b9 05 4f 0b 97 8c 9c 11 b7 39 f3 22 84 8f 6c 1c 3c 3b ff a3 b8 cd 6c 17 b7 39 e9 42 b9 9c dc 10 b0 64 ef 93 68 bd b2 0a 13 fc 75 e0 b8 39 9a 13 ac 4e 6f 9b 4d bd 85 0b 4b bd e3 e6 b8 a1 9c 13 c9 b8 9d 13 56 9d 9c 13 88 fc 9c 13 9c 4e 6f 03 c9 4e 6f 95 90 4e 6f 22 b1 60 76 ab bc b4 55 54 47 b7 90 19 4b b7 e4 83 b8 dd 3b 9a da ac 9a
                                                                                        Data Ascii: [g-]mSZG_o>LoK~hZB"7wIudwCLmImLdqi@mBtG~>3GgMu3O!hd;}5O9"l<;l9Bdhu9NoMKVNoNoNo"`vUTGK;
                                                                                        2023-09-15 03:49:53 UTC1936INData Raw: b8 ed e4 15 e9 ef 3f 40 50 bf c8 e3 bd 37 29 1b 3b 79 4f 13 10 bc 1b 01 61 fb 47 90 b8 51 67 ce a4 99 3c fb 86 bf 1c 52 bd b1 e4 55 b0 4b ab db b0 c9 60 92 bb 91 3e e3 b0 df 6e 13 b0 38 11 1b cc 9d e4 85 2a 71 ae 15 3e 75 3e 13 36 79 3f 13 e8 ef 3f 79 b8 fd 6d a1 fa bf 7b 13 4e fb 67 11 cc ae 5c c1 f8 30 29 57 32 eb 76 c2 be d4 69 6a fa b8 ef 12 bc c9 06 ca 3e db f3 33 bb 4e 69 ca 3e bc 1a a6 b8 29 3a ab b8 2d d7 13 34 05 6f 9b 00 bd eb 56 00 bd ef a5 b8 ee 87 a9 5a bb 2b 1b 33 3b af 42 ce 7d 1b 79 33 b9 d1 af 28 bd e2 1f 38 30 7b 33 37 86 95 60 e2 bd 79 15 3e b9 90 ec b8 b0 ec eb b9 c9 5d 1b 32 f2 7f b3 d0 96 99 d2 be bd 1a 35 4e fa 6c 33 cd b3 6f 90 40 be 1b 1a 4f fe 03 12 09 d3 1b 01 33 fa 63 98 f7 ee cf 72 d8 be 70 78 19 b8 7f b0 bd 3e ef d4 ac 30 7b
                                                                                        Data Ascii: ?@P7);yOaGQg<RUK`>n8*q>u>6y??ym{Ng\0)W2vij>3Ni>):-4oVZ+3;B}y3(80{37`y>]25Nl3o@O3crpx>0{
                                                                                        2023-09-15 03:49:53 UTC1952INData Raw: 70 bd ec d2 bf 7c 86 10 33 0f a9 ff 19 be 0f 7f 33 7c 29 9a 8b 3e d7 91 b0 bc 70 0f 8b 74 e5 9b 59 b7 af 98 69 f7 60 97 44 bd 6e d3 b8 bf 5e d3 b8 3e 85 11 cc d6 e4 55 28 98 67 d2 b1 54 e4 9b 39 b1 2d 12 38 dc 4f 96 71 0d ef 1c 3e a7 eb 13 81 34 0f d9 18 11 4b 97 79 bd 1b 01 33 70 e4 e1 33 64 62 50 b5 76 8c 53 d8 b8 6c c6 bb 40 6b 2f b9 1c 69 66 bc 0d ef f8 90 bf bf fb 59 6d 26 12 bf c8 aa b6 de ac d7 51 b5 ed 1f 33 ff 9d 6c 1e aa fa 2f 48 98 3d 6f 12 4f 7f 6f 93 b8 bc 6f 67 a9 05 6b 93 b9 a9 5c fe 18 f4 73 73 b8 ad 84 06 8e 00 6e 11 18 b9 73 12 d8 5d 6f 03 44 bc 2f 89 3d 74 e4 c6 b7 3b 86 04 d8 a5 4f 1f 79 63 4b 72 22 38 a7 67 b8 98 5c d3 32 77 e5 14 03 3d 60 1c b8 bd bc fb 01 dc 68 13 93 77 bc e8 32 b3 ec f3 b8 b2 4d ca 33 77 bd f3 b2 ad b7 9b a6 86 cf
                                                                                        Data Ascii: p|33|)>ptYi`Dn^>U(gT9-8Oq>4Ky3p3dbPvSl@k/ifYm&Q3l/H=oOoogk\ssns]oD/=t;OycKr"8g\2w=`hw2M3w
                                                                                        2023-09-15 03:49:53 UTC1968INData Raw: 3f b5 0e 93 b0 e8 38 fb 9c 28 f6 93 e9 ed 7f 93 d3 a5 e4 13 b7 ef 3f 42 d0 91 cb 16 b8 ad 07 7b 50 b9 7f fb 92 bf 81 92 fb a1 5c d3 e7 e3 32 13 e3 3e ab 03 7b 3c 92 07 19 bd da 64 d6 c9 34 13 1b 58 ef 70 8c c9 2b 13 1b 6f 6e c8 38 cf e4 09 e8 38 b4 66 93 bd 46 51 39 a9 2f 13 a8 36 60 43 eb ec 07 03 b1 3b 7c c8 55 31 7c 9a e6 99 86 17 63 4a ec 4a 33 bf e6 55 a0 b1 86 de f9 be 2e 2f a9 34 f9 33 31 3d 7a fa 04 bd 6b 92 45 a8 6e 6b b4 38 05 d2 a1 fd 23 98 b0 34 e1 99 9c bc 68 8c 7c b3 ee d5 90 f8 e1 c7 cf 52 2c 9d 3c 7f 62 8b ba 3b 2f 30 38 bd 1b 6f 35 38 86 6e 78 bb 0f eb bb b2 e8 32 f8 b6 6f 41 8c 9e 6f 41 b9 a6 ee d5 94 3c 60 02 ea d5 39 fb 80 39 60 56 f9 ab ef 09 65 ed 6f ca 26 8d ee 09 8c b9 49 79 e8 ad ee d5 8c f8 64 89 fa b6 63 af 51 aa 2b 18 b9 ba 2e
                                                                                        Data Ascii: ?8(?B{P\2>{<d4Xp+on88fFQ9/6`C;|U1|cJJ3U./431=zkEnk8#4h|R,<b;/08o58nx2oAoA<`99`Veo&IydcQ+.
                                                                                        2023-09-15 03:49:53 UTC1984INData Raw: 78 bd 61 d3 18 8b af 13 b8 bc af 17 ba b9 6b 17 bb 7d 6f 12 b8 b9 6c 83 b0 bd e4 57 9c b9 d5 12 f9 b2 3c 45 32 f5 77 98 e0 bd 4b 98 c8 91 38 98 c0 95 6f c0 5a 36 ad 59 3d 7d 11 13 95 db e4 18 3b 7e 6d 75 b9 bc 73 60 91 db e4 14 3b 7a 67 11 de 80 af 11 a5 db e4 1d 2c 3e a9 17 bb ad ed 16 c7 6e 4f 02 d1 bc 02 48 7b bd 6e 03 ba bc 98 18 f2 bd 17 3d 33 76 e2 17 ef 96 2f dc 93 4a e2 69 b9 dd 08 47 18 bc 6e 75 31 a9 4e 12 e8 bd 6e 19 a8 9c 6d 15 99 bf 69 90 50 bf ef 5c cd 63 30 4d e3 7e 8d 06 b8 3e 83 1f eb e8 e4 7b 94 bd 39 98 c8 99 5c c8 de 36 e3 4b a0 9c 65 31 b7 24 98 e8 bb c7 2b 07 af 3d 48 47 9c 99 cd 97 31 bd 2d 53 cd 9e e4 11 d0 21 26 71 c2 b4 70 77 c2 8d 14 74 c2 e6 67 90 7c b1 8a 69 f3 34 33 37 88 a5 84 1b 33 1d 6f 53 b0 9d e4 b3 ea fd ec e8 bf 3f 13
                                                                                        Data Ascii: xak}olW<E2wK8oZ6Y=};~mus`;zg,>nOH{n=3v/JiGnu1NnmiP\c0M~>{9\6Ke1$+=HG1-S!&qpwtg|i4373oS?
                                                                                        2023-09-15 03:49:53 UTC2000INData Raw: b3 ba ea e3 f1 bd 6e 98 b7 5d 6b 98 a8 54 6d 95 3a 55 0d 2c cd 98 39 fb dd dd 4f 10 78 97 ef 12 a0 36 2a 13 d0 c9 4e 93 fe ed 87 73 a0 1f 1f 20 78 ac 0c 84 b7 36 f9 12 be 3e a8 17 b8 8e af 9a a9 db e4 95 38 be cf 12 39 c3 21 29 93 75 ec ea 98 bc 60 9d cb bf 8f 1f af 36 6b 95 54 7e 6b 9a ba 36 f9 e3 83 9c 32 53 b7 e0 a7 1d b9 83 4f 1e 94 d7 bf 1b 50 00 dc d1 81 34 0a 11 8b ed 2f d4 b8 ab 6a a2 86 3e 6d d4 78 fd 6b 2f 2d 0a 51 c2 bf 5c 6f 02 21 b9 ee e8 a9 bd 68 1c 3f 44 7e c3 b8 b2 eb 8f e9 8d ec a7 46 9c 3e 0e bf b2 e8 a0 88 bf 90 37 ec 38 17 c2 a4 ba af 1b 02 8c 6c 75 ba 7a 2f 13 32 f3 43 98 bf e2 eb c0 5a 2d 69 59 de 34 7f d1 bc 24 1d 00 2e 49 6c 15 83 aa e1 e5 ea bc e0 7f af 7f 60 73 bd 1d 78 98 2e 39 20 1d 9d 7c 75 3d e3 be e9 c3 8b b3 56 79 c8 b1 87
                                                                                        Data Ascii: n]kTm:U,9Ox6*Ns x6>89!)u`6kT~k62SOP4/j>mxk/-Q\o!h?D~F>78luz/2CZ-iY4$.Il`sx.9 |u=Vy
                                                                                        2023-09-15 03:49:53 UTC2016INData Raw: bc e8 3e 40 89 ef 6c 61 b4 04 61 52 28 bf 9c b6 01 57 69 53 be 4e 6b 98 45 ad 49 40 fc 96 bc 92 bc 57 47 23 f2 7c 95 11 35 31 6d 86 29 bd e6 5e fc 36 3c 5b 39 c2 6e 9a f5 f5 e4 40 dc c5 6e 57 3d 7d f9 12 dc c9 72 76 f1 36 3f 60 94 36 97 a3 20 77 f5 52 fd d8 4e 7a ac 9d 40 7b a4 b2 73 e2 ad ad fc d3 fd 8c 01 1b e8 7d 6f 1b e9 0d 57 b3 b0 d7 60 79 b0 fd 03 1c 6a 99 69 33 91 ff 4f 11 a4 ee 5c c1 ed 9d 39 28 7a ea d2 52 bf b2 eb 11 b8 4d 1b 99 b8 37 62 73 a6 3d 6a 03 82 7c 60 96 48 1c 00 93 c4 99 5f 2b b7 38 8a 42 af a4 bf 0b 83 47 0c 07 cb ba e4 54 98 bd e6 44 a0 86 ad 66 b2 7a 6f 54 98 2d fe 17 a8 34 38 03 90 84 38 37 f8 f7 28 37 08 fa 8f 13 48 b5 9f 30 47 c8 63 a3 c0 a5 64 03 ab ec e5 0b 18 cf 4f 28 62 c0 6f 15 8b 50 98 c8 53 b0 ec 33 43 b2 11 1b 05 3c 13
                                                                                        Data Ascii: >@laaR(WiSNkEI@WG#|51m)^6<[9n@nW=}rv6?`6 wRNz@{s}oW`yji3O\9(zRM7bs=j|`H_+8BGTDfzoT-4887(7H0GcdO(boPS3C<
                                                                                        2023-09-15 03:49:53 UTC2032INData Raw: 83 8c 6f 12 88 bd 6c 23 b8 17 68 23 b8 b2 5f 13 a7 8d 6f 2c 88 bd fd 6c 88 bd 90 b7 08 80 4f 6d 08 80 cf 68 b8 ad df 78 88 bd 15 63 84 e8 1f 13 e8 8d 6f ff 08 bc 2f a3 b9 dd 39 66 c8 bc 5f 13 88 8d 6f f3 88 bd 6f 52 88 bd 18 71 b8 bd 1d 23 b8 89 5f 38 bd ad cf a3 bb 42 6c 13 a8 e7 ef a3 b9 6d d0 12 0a bc bf a3 b9 bd 75 6f 0f bc 4f a3 b8 08 6e 0f 94 b8 3b 03 d8 05 6e 93 00 bc 03 a2 b9 c0 04 2c b1 8c 66 ab 08 bc ff ac b9 0f 6e 1b ae 90 1f 10 08 b1 8f e3 b9 1d 17 13 14 ad af 23 b8 08 6e e3 88 bc 3b e3 b9 dd ff 97 b8 ad 4d a3 ed 8c 6f c3 1d 0d 6d 8f 88 bc 4f 6c 8b bc 8b a3 b8 f7 1f a3 b8 2d 5f 13 18 3d 18 11 94 2d 41 16 a8 0d 1f 10 68 3f 9f 17 88 3e 6f 03 fa 6d 37 27 80 9d 0d 13 d1 c9 02 72 c8 9d 47 39 b8 93 0d 7e c8 86 45 3d dc 95 06 71 91 8c 70 67 88 be 1f
                                                                                        Data Ascii: ol#h#_o,lOmhxco/9f_ooRq#_8BlmuoOn;n,fn#n;MomOl-_=-Ah?>om7'rG9~E=qpg
                                                                                        2023-09-15 03:49:53 UTC2048INData Raw: b0 6d d4 17 69 bc 6f fb 76 b8 5f 03 f8 72 6a a1 b8 10 6b 41 eb bd 2b 40 ff f6 44 9b 92 8d 6f fb f4 03 40 a0 4e 45 41 17 70 b7 5e 11 db 87 33 43 ca bd 00 74 ca dc 02 33 fe d4 6f 7f dd ce 33 5c c8 d8 01 13 fb eb 33 71 d1 d3 33 7b b9 3d d5 74 cd d4 5f 2a 81 93 67 63 dc df d4 84 80 dd 6a 03 14 cd 45 a0 be 48 69 93 48 bd e7 27 b9 46 9e 12 0d bc 90 13 b8 0f a5 e2 ab 85 6c 21 b9 ed 0e 16 a8 05 13 17 70 4d 6f c3 df 89 6e e2 b9 c2 6b 13 b8 84 6c 12 b8 e1 ba 62 ba 96 14 17 a8 4d 6f 0b 8c bc 9d 12 15 c2 6b 13 81 be 6e 13 c0 cd 6d 5b 80 bc 9a 22 ac e5 9f 13 dc 8d 6f 26 b1 8c 6d f7 7e 6a d5 17 c1 be 6e 13 2c cd 6d 87 80 bc de 0b 42 19 9f 13 0c 41 6b 62 ba cc 69 ee bc 04 6c 46 b9 bd df 63 ba 59 d3 1a 4c 4c 6f 3f df 0a 6b 22 ba 02 66 13 b8 c4 6c 12 b8 71 c2 63 ba 8d 1f
                                                                                        Data Ascii: miov_rjkA+@Do@NEAp^3Ct3o3\3q3{=t_*gcjEHiH'Fl!pMonklbMoknm["o&m~jn,mBAkbilFcYLLo?k"flqc
                                                                                        2023-09-15 03:49:53 UTC2064INData Raw: b8 d8 01 13 fe d4 0a 7f dc bd 20 75 ee d4 0a 64 fb d2 e7 67 d9 d3 ee 30 ec d8 17 92 f8 bd 38 61 d9 cd 22 7c dc d8 35 60 30 b4 29 11 1c 3d 68 5a 38 38 0a 13 fe c8 03 7f f4 d8 01 74 fc c9 07 94 bf ea 06 77 b8 ba 6f f1 ec bd 39 57 dd cd 6e 16 3b b0 6b 15 b8 f9 0e 67 d9 e9 16 63 dd 8e ee 3a 38 fa 1b 76 b8 24 ee 16 e0 f0 2f 5f e8 dc 0c 78 dd 3c 42 41 b8 d8 09 76 ca d8 01 70 dd b9 2d 7f b8 b4 38 7b d1 c9 0a 13 b8 e4 2c 71 fb cf 3f 7c 8a ce ef a2 d7 d3 eb 0a 3a b4 3c 66 f8 df 1c 72 d5 cd 03 9a b1 fe 6f 7c dd db 09 7a db d4 0a 95 d6 3d f1 93 1b f0 0e 6b eb 7c 67 53 dd eb 0e 7f cd d8 af 10 d1 b3 01 d9 bb 7f 6d 95 8e bd 2a 6b cc b1 1d 72 bb b8 ac 2d d9 cf 08 76 f8 c9 3f 61 d1 d3 1b d1 cc f9 2f 7c cc ef 0e 7d df 7f 5f 5d 79 bf ec 5c de f4 01 78 7a b7 af 12 36 f3 2f
                                                                                        Data Ascii: udg08a"|5`0)=hZ88two9Wn;kgc:8v$/_x<BAvp-8{,q?|:<fro|z=k|gSm*kr-v?a/|}_]y\xz6/
                                                                                        2023-09-15 03:49:53 UTC2080INData Raw: f9 b5 63 98 06 4f 77 08 33 ed 7f 07 33 f5 ef 9e b2 fd 7b ca e3 b9 6c 03 9c 4c 6e 57 e9 b1 38 43 61 9d 34 1b 50 1e 68 51 af ea 7f 13 61 ef 63 98 ff b9 e4 5c b8 ad b6 47 b0 b1 e4 44 bc f1 e4 54 28 bd 3f 36 3e bd 4b 16 a9 dc fb 17 50 64 73 19 68 a8 eb 17 a4 8d 3e 98 2e b5 ed 0c 87 a7 4b 43 3c 36 e9 52 b0 ed 87 60 df 2d 75 1d 3e cc 6d 23 bb 2d 6c ca bc ac e4 99 7a 7d 2f 4b 98 a6 b6 17 f9 2d 6f 15 88 dd 2e 22 b8 89 b3 db 61 7c 7a 83 f3 7c 5f 12 84 4d 6f 2f 50 94 88 43 a6 78 6f e1 fb 53 b7 f3 ba ad 38 d3 ba 3c 0f 5c 60 c9 4b 3f c2 aa b9 11 d2 bc b7 11 53 da 6e f9 c8 af 29 17 58 3a 2c 1e 49 bd 4e 1f 56 64 7e 79 68 85 16 d1 b5 a1 65 67 b5 ed 61 85 b5 c9 62 ca f0 55 05 13 c4 b0 f4 75 c0 b0 b6 b1 b9 2c 62 4f 9c e1 2d 1e e9 f5 62 d9 80 f5 62 27 c9 b6 87 47 4b b5 ad
                                                                                        Data Ascii: cOw33{lLnW8Ca4PhQac\GDT(?6>KPdsh>.KC<6R`-u>m#-lz}/K-o."a|z|_Mo/PCxoS8<\`K?Sn)X:,INVd~yhegabUu,bO-bb'GK
                                                                                        2023-09-15 03:49:53 UTC2096INData Raw: 50 a4 ef 37 39 e2 d6 13 a4 a5 6f 9b df bf 09 96 e7 8d ee 54 b8 41 3f fb 32 04 7e 13 3b 79 ab 1f 38 a6 a8 12 88 bc 73 93 3d bd 2a 1b 31 ff 6b 90 c5 ad e7 13 cd 97 ee 38 47 a8 cb 92 fb 9d 3a ef 31 ff 67 92 9b f5 6b 57 3b 74 ee 8a 31 f7 6b 12 bf f0 2f 1f 31 f5 63 f8 aa bf 73 1f bb bc 7e 93 8e e8 7f 9a e9 b1 ec 13 c5 a9 6f 67 a7 36 2a 07 b9 3d 67 90 79 ad e4 03 31 ac 6f 98 e8 b9 e6 42 bc 36 3f 13 b0 34 3e 1b 33 fd 63 9a f4 fc 63 91 c7 3c ad 52 98 3f 4f 0b b0 34 2d 37 3a 9d 73 9a e9 95 18 10 d9 30 d0 90 38 be af 1e b8 89 a6 78 b0 bc bc 78 d2 42 07 53 3c ef 6f 17 dc 1c 2f 1f b8 ed 3e 90 54 bd 77 40 ee ea ce ab 0e e4 6f 13 8b 78 3f 9e fd 49 0b 11 1b bc 69 9a dd 4d e6 5e 64 bd e4 56 64 36 27 37 31 f0 6f f7 33 e8 8b 41 50 38 d7 50 b9 fa 2f 2a 64 7a 2f 37 b9 b4 e4
                                                                                        Data Ascii: P79oTA?2~;y8s=*1k8G:1gkW;t1k/1cs~og6*=gy1oB6?4>3cc<R?O4-7:s08xxBS<o/>Tw@ox?IiM^dVd6'71o3AP8P/*dz/7
                                                                                        2023-09-15 03:49:53 UTC2112INData Raw: c5 ba 45 7a b7 97 a4 ec 9c 4d 4b 82 45 94 f9 5d 47 94 96 4b ce 37 90 3a 42 b9 10 ec 91 48 6e 92 15 41 87 fb 67 b5 7b ac 48 0c 48 cc 05 41 32 dd 39 42 6b e9 7b 40 64 c5 f5 42 64 e3 ba 56 6b 30 98 a4 63 33 a1 b5 ab bd 0c d3 99 61 ba b5 5f 11 44 36 7e 41 47 a8 61 9b 68 bc 69 17 4f c9 e4 1b e9 42 f3 06 98 0e 6e ec 0e 68 42 46 b0 8d 69 0e 0b bf 73 67 bc 54 e4 ef be 55 12 00 9f 88 7a ef ae 49 6e 1e ac 42 6e 90 54 97 67 e3 8f d5 bf 1c c7 dc 6d fb 81 be 3f 0d 19 06 98 cb 31 f8 93 66 b8 b7 07 16 f8 bd ef fb 7c 3d 15 ec 47 8e a6 66 61 bf 66 5a 88 95 0b 8d 08 99 87 0d b9 6f ab 15 b0 5a 6b e2 bc 8e af 90 c5 b5 1f 13 b7 28 af e7 3b de 44 02 b4 81 63 a6 eb 5c 6d ef a6 3e 83 03 31 bf 22 33 87 b5 6f 66 bd 3e a7 9b 47 56 0f d3 9e 55 2b 6e 38 94 2b 56 40 0d 5f 13 c4 b5 7f
                                                                                        Data Ascii: EzMKE]GK7:BHnAg{HHA29Bk{@dBdVk0c3a_D6~AGahiOBnhBFisgTUzInBnTgm?1f|=GfafZoZk(;Dc\m>1"3of>GVU+n8+V@_
                                                                                        2023-09-15 03:49:53 UTC2128INData Raw: 91 8b 0e 54 01 26 9d 09 4a bd 49 73 8f 4c 01 98 30 8c 6d 76 48 af fb e1 aa 41 e6 c1 bd 3c 6e 93 c7 3f 6f ec 3b 45 26 31 ba 2e 2d d3 bd 7f 69 67 2a 94 2f 17 3b 07 dd 05 cc a0 66 15 02 25 6c 15 7f bf 76 51 bb 4b 0c 75 4d 93 07 ec ad f9 ad 3b b0 c5 1b ea e8 15 be e7 e8 1b fd 03 ca bd f7 62 b8 42 2d 76 4d ff ae ee e9 bb bf ec e9 41 09 de 8e b3 3a 5b 42 ee 37 ec eb 47 3c fb 7d b5 6d ec 47 ac 3b fb e4 bc 90 95 47 fb 09 51 ed 55 f6 18 b8 9d 2c ab 70 38 a6 73 a6 dc e9 33 b9 9b 8f 12 4f 82 3b 2c ec 43 66 7e 47 b4 90 12 47 bc 9d 03 a6 0c cf 1a f6 1c 9b 12 e8 8a 90 66 a9 26 fe 10 d8 fa 27 53 bc cd 7d 9a fd 5d e2 62 49 b7 93 fb ae 5d 62 20 bd 45 6b 22 7b 62 2e e5 bc 05 5f 9c f9 7f 6e e6 ba 7e 6a 1a 41 c2 67 fb c6 5a 62 52 40 b8 49 f2 98 ac 7e 1a b5 a9 4f 81 31 f5 89
                                                                                        Data Ascii: T&JIsL0mvHA<n?o;E&1.-ig*/;f%lvQKuM;bB-vMA:[B7G<}mG;GQU,p8s3O;,Cf~GGf&'S}]bI]b Ek"{b._n~jAgZbR@I~O1
                                                                                        2023-09-15 03:49:53 UTC2144INData Raw: 4e 79 2e 66 88 b4 b6 16 00 3e 6e d5 b3 41 87 51 fe 9f 68 e7 50 23 96 42 e3 49 23 fb ce 12 68 ed bf 3f 6a ec bf 55 45 5e 4f ba 4a ea bf 65 9b 14 bd c7 ca e3 bf 6d 91 14 7e 66 9c 14 a6 49 68 cd 4e cd 17 ec bf 41 00 ef bf fd 3f 07 2a b8 32 30 bd ce 4f 16 a7 ab dc 12 cf 5f 69 eb 30 55 c0 eb 59 bb 97 fb 3f 52 69 a2 45 b3 97 fb 2a 3d 40 ea be 97 58 65 fa 7a cd 1b 4c 66 2a e7 6b 91 93 7b 50 48 b5 00 be 90 f2 16 4b f5 e0 16 41 f5 57 ec f0 f0 ab d4 fd 61 2d d7 38 82 a8 56 58 55 0d 13 5c 99 7f 15 d9 bd 87 2b da bd 83 73 b1 df 6f e3 34 dd 6f 42 33 79 e6 53 dd 75 3f fb 1a 65 ae 50 78 1c bf 7a e9 55 89 c9 09 bd d3 c7 f0 f1 07 a7 d8 bf 3e 78 e7 b3 7e 59 60 bc 5e 12 53 b4 e4 46 60 3e ad 11 b9 ed 04 90 c5 65 69 60 e2 bd e4 56 60 36 23 96 64 ec 6c 92 7d ac 85 fb da af 90
                                                                                        Data Ascii: Ny.f>nAQhP#BI#h?jUE^OJem~fIhNA?*20O_i0UY?RiE*=@XezLf*k{PHKAWa-8VXU\+so4oB3ySu?ePxzU>x~Y`^SF`>ei`V`6#dl}
                                                                                        2023-09-15 03:49:53 UTC2160INData Raw: 53 42 4f e4 18 ae 75 92 bb 02 ef 75 3e a2 97 17 78 e3 90 33 40 bc 3e 73 92 ce 90 12 4f bc fe db a8 b0 90 12 4e bc ae 1c 47 95 98 12 40 0e 9c 19 b0 ed 05 13 14 d5 75 32 bb 6d 6f 02 b8 c0 1f 82 ed c6 82 84 44 bf 77 ec ba 42 6d e2 ba ec ca 1b 00 ed 07 00 47 bf 90 11 40 bf 7b ec ba be 90 11 4c b5 79 a4 b8 ed 05 13 d0 8f 6b 13 b8 bd e4 5e 44 36 7e 41 47 a8 6f 63 02 ee 6f 98 5d e0 ad 1b bc bd a3 1b b8 e8 e4 ff e9 ef e6 13 3c f8 67 12 04 84 46 af 33 9d 22 1f e9 d5 7e 12 da e8 93 7b 33 bf 3f 14 da b5 67 71 bf 92 4a 13 47 42 6f 13 b7 0a a7 98 a8 e8 63 92 5a be 64 d1 79 5d bf 03 b3 75 3e 13 c0 af 7f 6b ba fb 26 17 87 d7 6f 13 9c e6 6e 13 9c f8 bf ef 33 b5 3e 15 9c 7e 69 0c b9 2c 43 7b e8 bc 4e 30 07 b1 ef 4c b0 ec 33 7b e9 3c 77 8c e7 39 40 47 1e 92 22 53 44 55 5e
                                                                                        Data Ascii: SBOuu>x3@>sONG@u2moDwBmG@{Lyk^D6~AGoco]<gF3"~{3?gqJGBocZdy]u>k&on3>~i,C{N0L3{<w9@G"SDU^
                                                                                        2023-09-15 03:49:53 UTC2176INData Raw: b8 79 6b 38 48 3e 81 12 ee 65 e2 9e c0 5f 44 30 bd c1 cf 65 18 b6 2a b2 a2 28 ce 13 31 28 3b d0 93 bb f3 98 3d 9c 6e 53 9c 5f 6b 97 9d b8 63 0a 19 ba 87 06 9a a0 4e 10 e9 55 76 4b 44 b4 6f d0 93 9f 6a e9 78 e4 a8 8f 3d c9 2f 12 31 49 6c 20 46 3f 8f 01 23 df 6c bb c7 e3 4f 95 78 c2 0b 61 5b 82 c4 ed 81 4d 44 9e 41 96 23 ea 93 51 86 38 f6 05 ad 0a e9 bd 8e 38 79 9b 8e 38 24 22 8d 38 e9 bd ef 0f 19 bc 8b 38 8b 89 5c 50 e8 4d 07 12 ba dd 21 c3 29 aa fa b0 ba b9 3f 3f 35 30 cb f2 b2 22 7f 17 ff e9 46 15 9b 3c 6e 42 50 08 dd 16 18 0a 2d 0a e9 bd cf 30 db bc 07 60 bb da 6f 28 9d 1d 6d db 59 ad c4 b2 4c ea fa d7 0b 4c 43 f3 de 36 7f 13 b7 09 06 a7 aa b6 7e 42 b8 34 e2 a3 3b aa 6d 98 2d cc fe 13 ea d5 bb 33 b1 9d 30 50 a0 7d 06 b1 ae f3 47 c2 a2 11 bd 09 e9 bd e6
                                                                                        Data Ascii: yk8H>e_D0e*(1(;=nS_kcNUvKDojx=/1Il F?#lOxa[MDA#Q88y8$"88\PM!)??50"F<nBP-0`o(mYLLC6~B4;m-30P}G
                                                                                        2023-09-15 03:49:53 UTC2192INData Raw: d9 9d 3a 9f 50 f9 08 93 a7 dd 4f 7b 78 8e 92 92 f9 f1 2f 57 3b bb 05 59 bf 9e 69 ea 99 bb 2a 9b 90 fe 5a b6 9b bb e1 34 be d5 94 51 93 39 27 38 82 ad ec 17 d1 3c 6b 36 a6 9f fd a4 37 8d 91 ec d0 75 29 08 1c bf 3e 62 f3 1c 74 56 ba 51 2e 11 26 ca 2f 11 bc bd 05 0e d2 d3 05 1f d2 b4 6c fc 9f 3f 6b ca 1f 40 90 7b 44 88 cd 1c 38 15 60 81 78 b3 cf 1c 53 8f 04 bb b7 9f cb 2a 19 b2 8f bb b7 1f 6d c0 12 cd 27 1e cf f2 62 83 39 b9 01 52 b5 0f 95 52 b5 30 13 f1 f5 1b 62 37 1b b0 c9 6e 11 b0 cd ab 73 33 cf 1e 40 15 62 3e 1a bf 0a b2 b5 dd 43 7b 18 b7 6f 7b 92 63 ae 54 bd b8 6b 6f b9 b9 bb b5 dd 9d 62 f9 99 b0 fa 6b 3a dc 49 1e 02 26 2f 1f 98 b0 7c 3a b5 9f a7 d2 6e bd 33 5f ac 3a 48 1e 1a bf b4 37 b8 e5 6b 37 d0 49 2f 1f d0 10 ce 8a 8a d7 05 19 d7 e9 4f 52 bd 2d 0f
                                                                                        Data Ascii: :PO{x/W;Yi*Z4Q9'8<k67u)>btVQ.&/l?k@{D8`xS*m'b9RR0b7ns3@b>C{o{cTkobk:I&/|:n3_:H7k7I/OR-
                                                                                        2023-09-15 03:49:53 UTC2208INData Raw: e3 75 64 98 af 8b 79 8c af 34 78 cd 19 b6 e2 04 45 bf 22 86 af a4 f0 04 32 aa 20 c3 28 aa f1 c8 70 b6 e4 04 ab 22 78 9a af 7c ce 18 35 aa f5 53 2e aa 7f 8c af 37 78 21 69 2d 78 a5 59 1d 6f 80 af b3 f0 04 31 aa cb b2 b3 e8 e2 04 3b 15 64 7b 32 aa 5a b3 b3 c1 5a 18 b6 81 2f 11 c7 a2 61 16 b6 be bd c6 a8 b3 7d 05 b6 90 60 1d 8b a2 61 1a b6 e7 bd 02 b6 1c ef 13 bd b3 0a 19 b6 99 ba 12 b6 ef 65 1d 92 bc 61 2c a7 b3 6b 1d 2c 3c bc 1a b6 ba 6d 1d 53 8e 57 d2 a4 bd e4 d2 5b 98 53 17 be bf 5c d3 d5 1c b2 0b 7c 59 87 ca d9 7f ba fb 5b 3b 5d 81 42 5e 6e dd 78 b6 97 f0 39 7e 6c e3 b9 42 1e ff d2 42 07 04 0e b5 3d 13 dc 0c 7d 13 e8 ec ce 13 00 0b 36 13 8b 78 3f 9e a8 f8 9b 77 1b 9c 6e 9a f5 4d 6a 53 b5 b2 ff 13 d0 7d 09 52 b8 ad 05 10 d0 79 ff 18 33 f8 9f 13 bd 11 e6
                                                                                        Data Ascii: udy4xE"2 (p"x|5S.7x!i-xYo1;d{2ZZ/a}`aea,k,<mSW[S\|Y[;]B^nx9~lBB=}6x?wnMjS}Ry3
                                                                                        2023-09-15 03:49:53 UTC2224INData Raw: b9 76 92 ec 51 74 c7 11 6f 3c 71 bc ba 1c 6d 05 19 bf f1 bb ba 8c 4f 57 cd a7 c0 11 4c 55 44 b3 ba 56 31 65 cd bf de 32 c7 bf 1e 11 fb cc 6d 5d 17 c8 6d 22 9b c2 6d 62 ba e6 1e 11 9e c8 6d 9a 09 99 1a 0b c7 bf 9b fb cb cd 6d 28 67 ce be 60 1b 62 1c cc cb 68 1c e7 50 d9 d5 d4 77 a0 86 cb a7 1e cb 6c b7 fa c0 6c 17 c2 c9 6c 4c 55 64 fc a7 bd 13 fa c1 a2 cc f6 16 72 64 dc b3 1f 69 29 0d bd 3e 98 f5 49 87 fe 7f 40 6f ec 33 e8 77 9a ba 3e 12 13 44 bd 1b 19 00 bc 6f 13 b8 bd 86 08 bc bd 6f 92 c5 b9 63 02 b8 8d 1a 45 33 f8 7f 13 9d 42 90 13 b8 b2 d8 db b0 3c 96 07 b8 d9 1a 50 7f f8 6d ef b9 21 e2 46 44 ef e4 56 38 a9 3f 98 f5 ad ee f2 b9 f9 6f 42 33 e8 7f d2 52 ad ee 39 5a bc 77 41 b9 01 a1 12 04 f0 77 b7 31 bc 66 af 04 be 68 af ed bd 5d 52 bb 92 60 a4 7a 80 78
                                                                                        Data Ascii: vQto<qmOWLUDV1e2m]m"mbmm(g`bhPwlllLUdrdi)>I@o3w>DoocE3B<Pm!FDV8?oB3R9ZwAw1fh]R`zx
                                                                                        2023-09-15 03:49:53 UTC2240INData Raw: f5 65 bc 11 3b 7c 3f 53 50 d0 5b 1e b8 be 5e 28 64 10 58 12 dd 8f 6e 53 84 5d 5e 1c 6c b7 09 1b ac 34 2d c3 82 a5 e6 59 b4 f5 e2 86 e4 35 68 e2 48 3e 68 83 ed 3f 68 87 3a ba f7 91 bf 21 ed 14 5c b8 ed 14 50 6d e9 9a ed 51 e4 56 56 a5 9f 50 a8 fa 9d 0a 5c fd 6e 81 8f cd 6e 03 a8 3e af 12 88 fe e4 5e 10 39 ec fa 18 bc 9f 9e ed b1 9f 0b 3a a1 3f 7c 0c 55 81 73 44 3d 60 90 1b 81 db 19 80 55 a6 d6 44 ec 19 51 b4 dd 1d a7 50 f1 cc d3 b8 42 7f 06 fc 07 3c 43 d9 9d 6f 67 28 ea 90 06 60 2d 29 98 2d 6c 6d 33 83 ff 6b 66 9b 38 6c 3f 50 f9 4f 4c 1a c6 db fb af fe 6c 8f a2 0d 2e 5e 30 4d 3c 37 ba 8d 87 ee 8a e3 4b 11 4c 1f 40 11 99 bf 5b fb f2 67 4a 11 69 97 6d 79 b8 5d 5f 56 12 a5 df 30 ac cd 4b 03 98 b1 63 41 ba 2f c4 40 ba ad de 53 b1 f0 e7 21 b3 b3 f7 94 bb ce 65
                                                                                        Data Ascii: e;|?SP[^(dXnS]^l4-Y5hH>h?h:!\PmQVVP\nn>^9:?|UsD=`UDQPB<Cog(`-)-lm3kf8l?POLl.^0M<7KL@[gJimy]_V0KcA/@S!e
                                                                                        2023-09-15 03:49:53 UTC2256INData Raw: fd ef 97 b3 91 f0 97 c3 98 34 ef 35 ed 2d 97 28 ad f1 0f 12 cb ab df 34 24 3e 57 23 90 1d 6c 01 97 ff 4f 23 90 b3 b9 20 90 7d 64 e6 c0 49 e4 6e 00 bd 22 e7 50 52 6e 13 b8 36 6f 56 4c 36 27 27 31 f0 97 13 33 e8 97 9a ed 41 ec 6e b8 41 6f 67 b7 d7 6e 98 f5 bd 93 fb 08 bf 6f 13 31 f8 ef e3 53 ba a8 56 48 bd 6f 13 b2 36 6f db b4 bc 73 f6 e5 7e a3 12 bc bd 3a 98 54 3e 83 1f 31 b9 22 e7 b8 33 ec 6b 94 bd 1b 31 f5 bd 25 98 e9 91 6f 87 33 f8 2f ef 3b 85 6f 67 84 bd fb 90 f8 c4 7f 13 cc a9 e4 13 9e ff 6d 03 b8 a1 e4 42 a8 36 6f 41 98 36 27 1b 47 6c 6f 00 7f ff 65 03 b9 e0 05 13 32 41 e4 5b 98 ac 6d 00 3b 7f 4b 13 f9 56 d3 b2 b0 f5 40 49 b8 3e 97 f8 b1 36 4f 5e 40 3e ae 17 bb 1a 54 06 3a f1 6f 05 cb ab e4 56 40 bc 0e 15 b4 bd 55 13 af ac e4 51 98 42 07 c3 53 6b 6e
                                                                                        Data Ascii: 45-(4$>W#lO# }dIn"PRn6oVL6''13AnAogno1SVHo6os~:T>1"3k1%o3/;ogmB6oA6'Gloe2A[m;KV@I>6O^@>T:oV@UQBSkn
                                                                                        2023-09-15 03:49:53 UTC2272INData Raw: f5 75 ee d2 54 e1 6c 13 18 55 f9 2d 45 42 6f af 64 bd 50 13 50 55 66 77 bf bd a8 56 ba 41 6e 7b d2 bb e4 5e 58 55 eb db 15 bc 3f f7 d0 bd 6d 13 f0 bd f2 9f b4 bd ec d7 bc 34 6f 56 6c 7b 2a ef b9 3e 12 13 6c bd 1b 23 e9 36 a3 9a b8 d8 bf 42 35 f0 b3 fb 64 bd ae 14 b8 36 a7 fb 6d 78 6d 14 b8 8f ab 98 ed 59 3d 98 98 f0 bb fb 8e 76 6e 1d 78 36 6f 56 78 34 2a af 53 ba a8 17 fd 01 6e 4e 33 f0 d3 9a f5 bf b7 13 fe bd e4 46 60 ef e2 93 f5 51 87 cd 78 ba 6f 93 bf ad 6d 9e fd 51 6f 56 70 36 26 13 9c 55 14 c3 45 42 a8 56 d6 71 ee 04 39 a9 ee 01 a0 3d 5e 13 e8 42 64 13 b8 bc 56 1a b9 84 2a df 33 f0 7f e7 dc 34 62 92 ab e4 e4 f6 2e e0 ec b5 3d 1a cf 9a 1f 81 39 03 10 bc ef 5e a8 34 2a ff 33 f0 63 13 39 5c 90 ec b8 bd 60 a4 b0 6c e6 46 b8 2a 83 13 cd b7 0b ab b9 bd 7e
                                                                                        Data Ascii: uTlU-EBodPPUfwVAn{^XU?m4oVl{*>l#6B5d6mxmY=vnx6oVx4*SnN3F`QxomQoVp6&UEBVq9=^BdV*34b.=9^4*3c9\`lF*~
                                                                                        2023-09-15 03:49:53 UTC2288INData Raw: a9 f4 9c 73 7f 38 5f f3 b8 2c 6a ab d0 a5 8a 52 9d 7c 6d 23 bb ad 0f 13 18 ec 87 88 6c 47 8f 16 50 6c 67 71 2d ec 6f 9a 2d 59 3f 13 2a a0 e2 22 29 bd 87 f9 f6 ac 2e 30 bd 63 25 8e 29 99 7b b3 b8 7e 51 32 bc 55 c6 13 ba d1 ec ae f9 bc ef 3e 9e 9d 45 d7 ba fc ce d3 ba 38 af 66 b7 59 6f 91 5a bd 7f 67 bd 54 9f 03 a8 30 ea 73 cd fe 67 3b 19 bc 48 90 b3 6d 08 f1 b8 65 2e f3 b8 3e 97 10 c6 e9 9b 13 70 d4 9e 13 50 be bf 11 b0 9c 64 47 b9 9f 75 c0 39 b6 8f 91 b3 ec 6f 9a 2d 61 66 90 b3 b8 e4 31 a0 3e a7 12 31 34 ed 13 33 30 ee 12 31 30 b7 43 b8 2d 84 57 d0 9d 5e 03 35 b9 4e 17 8c 12 23 f2 b4 69 4d 17 e9 bd e6 86 ca 6d 7e 0f fd 41 7f 56 98 a7 3c 17 ba 9a 3a 17 09 bc 3c 17 33 28 3e 13 31 28 dd 1f f8 b9 e4 96 e9 bd df 1a a0 ac 6a 45 85 ad 6a e3 bb b5 9e 10 35 4f 6c
                                                                                        Data Ascii: s8_,jR|m#lGPlgq-o-Y?*").0c%){~Q2U>E8fYoZgT0sg;Hme.>pPdGu9o-af1>143010C-W^5N#iMm~AV<:<3(>1(jEj5Ol
                                                                                        2023-09-15 03:49:53 UTC2304INData Raw: fc b6 6f 93 8a 7a ea 83 3e a8 fb 46 be ae f7 35 b9 21 49 12 18 9d 6e af 92 bf ee 06 1c 7e 7c b6 78 bd 6e d5 ec 38 c9 b0 b9 1a ec 06 10 7e 7c ba ad 3e 7a b9 1b bc c4 52 bc 36 7a bb 1d 1f 7d bf 38 bc ce bf ba aa df 11 af 37 df 11 af 09 ee 06 33 a8 db b1 ad 99 fa ab 1d a8 ea a9 98 bc 3f fb ec e7 da b7 ad 51 c9 06 48 9b 7c e7 2d 9b 6e eb 9e bc 93 55 93 bd 91 f1 ab d7 6e d0 b8 bf ac 13 bb 7d 6f b3 ad b9 34 d3 b8 5d 7c 16 78 bd cf 06 be 1e 6e 14 e9 fc 6b 98 b5 05 ad 01 b0 3d 6e 98 2c a8 d3 31 af b1 0f 12 19 7d 4d 04 fa ad 2f 12 de 36 62 d7 1a a8 e2 35 ac 1d 6e b1 ad 28 79 33 b9 ef 87 a7 14 09 cb 06 f0 7d 6e b0 ad f1 ee 19 6d 9f 7c 43 9e bc 3b 35 b9 e5 4f 12 1b a8 c5 4f 5b ae 32 d0 b8 e3 ac 13 e7 1e 7a b9 d8 5e 7c 72 1b a8 0d b0 b9 de 2e 17 2c 1c a7 b1 aa d9 ee
                                                                                        Data Ascii: oz>F5!In~|xn8~|>zR6z}873?QH|-nUn}o4]|xnk=n,1}M/6b5n(y3}nm|C;5OO[2z^|r.,
                                                                                        2023-09-15 03:49:53 UTC2320INData Raw: ba da 55 32 04 30 2a d3 e8 55 5b 8b 4b 8c 4e a7 88 bb de 3e 62 2d 7e 2b 99 7d 87 f8 d8 b9 e4 46 50 3d 54 46 b0 c8 57 fb 86 4e 6a 81 97 fc 68 d1 98 8f 12 6f b6 7c 6f 1d 0d 7d 6f 43 68 6d 65 90 c5 55 6f 37 c4 b3 0f 05 fd 55 bd b3 23 8f 4e 22 b2 05 87 a0 5b a0 53 d1 bc a6 df 7a 4b a9 c9 ea ac 49 54 f7 01 bd aa 43 35 f8 9b 77 1b bd ee 13 b8 34 22 df 7f f8 bf 12 f0 bd 87 ff 5a 42 90 9a fd 4d 6f 90 c5 4d 6f 66 bf 8e af 13 51 c8 6e 13 b8 36 2a 1b b8 ed e2 5e 54 ec e4 5e 48 bd 87 4f 9c bb 6f d4 fd 41 6e 12 14 d7 6f 9e f5 5d 87 68 b8 3c 69 13 7e f8 93 12 33 bd 3a c3 3b 77 6e 9a ed 6d 67 9e fd 5d 6e 49 50 9f ed 15 b8 bd 60 a5 70 38 a6 67 a4 b8 6e 0f 8b bd 73 98 70 55 63 96 b8 bb 6f 96 78 c8 66 d4 fd df a7 13 e1 bd 84 14 b8 b5 6e 5f 32 9d 3a db 30 e8 88 17 e1 36 2a
                                                                                        Data Ascii: U20*U[KN>b-~+}FP=TFWNjho|o}oChmeUo7U#N"[SzKITC5w4"ZBMoMofQn6*^T^HOoAno]h<i~3:;wnmg]nIP`p8gnspUcoxfn_2:06*
                                                                                        2023-09-15 03:49:53 UTC2336INData Raw: 88 be 6d 46 89 91 e5 56 a8 35 6b 02 7f 8e 5d ec a7 4e 15 1b 50 ec 8e 76 39 bd 79 bb 89 b6 ee 13 c7 3e 6f ef 50 8b b9 e8 c9 de 4c 1d a7 bc 6e c6 18 d9 4e 11 df ec 03 a2 9d 9c 1b 56 59 f2 61 eb a9 db f7 98 f8 ab 60 3b 4f 32 2a e7 5a b8 19 6e d9 a3 9c 1c ca cc ef b7 9f 1d 75 46 c8 b5 ea c1 c4 4d a1 41 19 9c 6d 28 80 7f 12 5c 59 bd 3f 24 8a 99 93 10 38 f0 97 99 ed a9 e7 02 c0 98 ca 20 b9 ad 50 12 ed b1 51 12 7e ed 20 9c 85 1b 99 0a dd c8 6c 76 cd ea 05 e1 65 dd 97 90 79 fd 3e 71 d8 2e b2 1b a8 ec 90 06 94 ac 09 46 40 34 2b 51 80 78 6d 16 51 7d fc 70 3b 25 16 53 b8 3d ea c2 ba 85 3f a7 d0 ae 9e 77 2a d8 86 88 9b da e4 51 a4 8c ff 17 40 55 ae 53 af 3c 6f 98 e9 dd 2f 41 50 55 b0 d0 ad ee 01 66 e2 a6 cc 15 64 9c 01 b2 be 81 ea 12 ba 11 84 4b 1c d3 fd 9e 84 fd 6d
                                                                                        Data Ascii: mFV5k]NPv9y>oPLnNVYa`;O2*ZnuFMAm(\Y?$8 PQ~ lvey>q.F@4+QxmQ}p;%S=?w*Q@US<o/APUfdKm
                                                                                        2023-09-15 03:49:53 UTC2352INData Raw: fd 49 3f 58 78 a5 9f 11 e9 1d 6d 46 44 dd 6d 23 17 dd 6d e3 a9 9d 6e e3 90 ad 4f 03 b4 7c 7b ae 1a bc 6f b3 b9 bd 51 c3 8c 8d 67 67 8c b5 49 1f 92 fe 9c 45 a2 43 99 45 39 51 f9 a7 d8 bd b9 1a 5c 95 38 9e d8 af 58 07 b4 36 9f 4f 0c 5d e8 98 fa b5 67 9a fd 01 6f 18 33 ec 6b 9a ac e8 d7 82 b9 f5 cf 75 78 7a 2a 11 48 fe 39 e3 31 e8 83 98 3d ac 3e 10 3b 05 b3 c3 b3 bc 1a 20 de 36 2d 17 1c e4 50 cb e8 bf 6b 12 a8 20 6e 12 46 cd 0b 16 b9 5f 50 9e 61 b8 6e 4b 7f 3c 87 91 fa 4d 6f 86 4a bd 2d d5 ac 2c 72 f0 bd 7a ef ff 78 bc 9d 13 d5 79 6d e7 4d bd ac 11 3a 1c 12 e4 b9 3c cb d2 98 6c 6a 5c 6e 3c 28 d7 7b 24 5f db 50 cd d0 14 da ee 64 d3 84 9e ef 33 29 bd 87 a7 c7 38 67 90 79 8d 53 42 d0 29 be 38 2b bc 05 47 bb 98 66 50 bb 36 27 4b 31 37 33 08 c9 cd cb 14 d8 0d 6f
                                                                                        Data Ascii: I?XxmFDm#mnO|{oQggIECE9Q\8X6O]go3kuxz*H91=>; 6-Pk nF_PanK<MoJ-,rzxymM:<lj\n<({$_Pd3)8gySB)8+GfP6'K173o
                                                                                        2023-09-15 03:49:53 UTC2368INData Raw: 28 c8 6f 67 a6 3f 78 43 31 aa fd 10 09 b9 ee 04 e8 56 77 79 b8 d5 ff ef cc e8 6f 87 b9 85 e8 03 a7 2c 4e 1d e8 54 bd 33 cb d5 9f 3c b2 1c 4e 15 d6 d5 7b 65 49 ab c3 ee ae 27 60 a2 a2 ae 4f 4a ca bf 1a 1c 12 b5 2b 66 b4 fd 68 d4 fa d5 de 13 53 df 49 83 a1 7a 2f 7b f8 bb 0e 1e 33 a9 3e 47 71 b3 9e d7 aa fc 3b fa 62 f6 0e 1b 94 6c 69 7c b0 a5 5f 11 11 a0 bb f9 b3 1d 7e 09 b9 be 23 12 bb 12 4b a1 9f 0c 7f 91 28 7c 2a fb a8 ae 1e 0e 2b 5d 7f 91 b9 54 b5 f3 b1 d5 03 ec bb 6c 9e 10 ee 36 fa e1 b4 07 ca 06 69 98 c5 4b 91 b5 58 86 b3 e5 cd 06 30 cd 6b ca 2c bc b2 96 a9 d6 2f 04 e0 ec 6c 32 b7 fd 37 9a e8 e1 86 78 59 bb e3 d0 57 bb 8f 15 cd a4 07 bb 37 b2 ee 1c 72 e6 4d 31 20 91 4d d8 b4 99 4d 92 b9 d4 cf 15 3b 07 ee 13 b8 ed 77 b3 ae 3d 39 87 09 bd fe 04 a1 7c 5c
                                                                                        Data Ascii: (og?xC1Vwyo,NT3<N{eI'`OJ+fhSIz/{3>Gq;bli|_~#K(|*+]Tl6iKX0k,/l27xYW7rM1 MM;w=9|\
                                                                                        2023-09-15 03:49:53 UTC2371INData Raw: e3 9e 4f 12 bb ea 6f 10 58 c9 93 f3 cc 41 4f 90 41 8d 13 03 58 c9 93 90 98 47 56 6c bf 05 ce 07 53 c7 0e 53 39 41 ec eb f9 bc 6c 32 bc e7 da 16 bb dc 6c 16 d9 bc 6c 32 bc c7 6a 10 aa f5 6c 16 96 c8 8b 12 80 3e 12 03 a8 bd 1b 38 7b b8 44 67 a3 6c ac 16 95 c9 7d f0 bc 97 2d 90 f8 be 4d 3c bd bb 68 fa 85 bd 70 20 78 18 9c 56 50 54 2a 03 ee ad 29 f7 bc fb 62 c3 98 14 ef 84 7a 9d 12 62 7f f8 6d ff 3a b9 66 98 ed 51 ec d1 e8 bc e6 46 54 fc 42 9b b8 b9 56 a3 fd 51 12 5e fa ba cd 2f 8d fd 6d 0b b7 0a 9f d3 bc 7d 0e 03 50 9b 2e d1 b9 7d 54 e3 cd 9a 4f 1a 33 df 7e b3 d2 b5 87 02 38 bf cf 3b 52 b4 e7 25 36 9b 2f 11 33 f8 85 f8 98 9d 84 8e 51 ce ce b2 7f f8 c5 fb 72 87 03 30 bc 55 87 29 e6 b4 54 ba 5b a0 64 15 50 a0 7b e2 a5 5d 98 0e 4e 04 cf 88 7c 83 e4 71 f2 9d 7f
                                                                                        Data Ascii: OoXAOAXGVlSS9Al2ll2jl>8{Dgl}-M<hp xVPT*)bzbm:fQFTBVQ^/m}P.}TO3~8;R%6/3Qr0U)T[dP{]N|q
                                                                                        2023-09-15 03:49:53 UTC2387INData Raw: ba 04 8e 13 0f 35 4f f1 b9 34 4f 6b ba f4 4f 10 27 19 64 b9 ff 95 60 98 1c b5 ec 77 bb 96 47 1c e2 d2 0b 10 df de 6c 72 b1 d1 2f 7b 51 df c3 51 f7 19 87 ec 39 9c 2f 25 4f 9e 4f a3 7a 84 cb 41 33 df d3 1b 50 b9 bb 1a db 34 22 e7 dc 34 62 fa 59 d3 36 4d 59 c6 7f e3 c3 58 c2 72 04 13 82 33 b1 be c0 f9 37 eb 6c 83 e8 5e 6c b8 7b 34 6f 83 07 1c 6e e3 ba be bb 52 b9 0b 61 12 e6 5d 6d b4 39 bc 0f 0a d7 5d 6f 46 fb ec 79 f1 ba 32 8b 11 2f 5c 6f 5e 7a b5 ce 16 b0 ef 87 9a 1c b5 cf 86 ee c3 ca 1b f8 25 4d 51 ff b5 2f 79 b7 e8 ae 12 ab bf 50 ef 78 d2 29 b1 be ee 82 77 b1 86 0c 1a 18 92 77 f1 ba 5f 6e f3 ba 43 4c f1 ba 5c 6a 73 b7 5d 6d f1 b9 5c 44 f6 ba 54 4d 01 45 44 46 02 47 1f 6e 73 bb df 4a 7e 52 7a 9b 52 bb fd 42 8f 58 bd cd 64 cd 26 cf 7e 58 bf b3 f1 ba 9d dd
                                                                                        Data Ascii: 5O4OkO'd`wGlr/{QQ9/%OOzA3P4"4bY6MYXr37l^l{4onRa]m9]oFy2/\o^z%MQ/yPx)ww_nCL\js]m\DTMEDFGnsJ~RzRBXd&~X
                                                                                        2023-09-15 03:49:53 UTC2403INData Raw: ab d2 6f 44 40 a8 2f 11 46 a8 03 80 99 bf 9c 06 8b 71 98 06 ab d6 90 06 43 42 7a ee ad 52 2f 45 47 a8 90 06 47 a8 9d 06 b0 24 d6 0f f8 bb 98 ea d3 7d 79 0f fc ab 9f 06 43 6c 26 e9 32 f0 c5 e8 b8 ab 95 43 67 44 0c 4b 3c f8 79 ce bd 5a ec a1 bf f3 79 e0 ad dd 90 06 47 a8 f4 ec ad 4a 7a 0f 47 a8 af 00 f7 b3 95 06 23 fd 6d ed ad f1 4e 11 4b a8 bc d9 4f a8 f3 60 d4 42 7a ec ad 40 7a cc ae 42 7a 12 4e a8 a3 a6 bc 7e a3 12 b8 e8 e4 ff e9 37 4f 56 47 36 8a 4e be 4d ec ff b8 b5 e4 56 b4 96 2a 1b 21 bd d6 cb b8 bd 6f e4 41 d4 6d d3 b9 a1 6c 56 a8 34 2a ef b8 8e bd 9b ed 46 5c d3 30 bd 2a e9 32 f0 94 42 32 e8 6f e9 ea 37 2a ea e8 30 22 13 a8 ec 87 92 47 42 90 90 b8 79 6b 43 33 e8 63 41 33 bd 2a 1b e8 55 1f 05 b8 bd af 90 7c a5 e4 56 44 bb d3 12 06 a9 84 18 b8 87 6a
                                                                                        Data Ascii: oD@/FqCBzR/EGG$}yCl&2CgDK<yZyGJzG#mNKO`Bz@zBzN~7OVG6NMV*!oAmlV4*F\0*2B2o7*0"GBykC3cA3*U|VDj
                                                                                        2023-09-15 03:49:53 UTC2419INData Raw: 69 9d 1b 26 fd a7 0c d1 bb 4d 7d ef 50 67 be 26 5b b9 25 93 b4 96 27 17 79 44 6c 92 b6 46 4f 16 8a ba d4 21 f4 8d 64 c0 b3 8c 64 c0 b3 12 7e 1e 6a b6 90 4f 4d 9d 7f 93 bc b1 ad 0a a4 55 3b b3 ba ed 74 d3 aa 30 6b d9 15 6c 66 1f ab af 9b 11 35 a9 61 2e 69 bb 30 ec e4 6f 66 71 be 4d 6f e1 bc d9 ef 11 e8 81 87 fd e8 bd 44 35 42 ba 2e 31 44 55 99 5a 19 bf 3e 3a 88 df 64 a4 8f 46 5a c2 b1 4d 7f 28 a9 a6 af 26 a0 bf 99 12 9b e2 9a e2 bc 34 58 19 b0 4c 3d e5 83 cc 6e ec 83 a4 99 04 80 bd 1d 76 49 9f 6e 28 ba a7 1b 76 e0 74 0f 4b 59 aa 67 98 f2 bd 6b 20 6a 86 27 17 b7 29 a3 d1 32 69 37 e9 b7 fd 6b ec d3 47 0c 9c 69 9c 90 14 43 ad 7f 49 50 b5 64 91 ba b6 4d 1d 4b 36 df e4 33 ec ec ff 90 f5 3c 45 ef 83 e3 9a dd 7d d3 c7 9f dd d7 b1 f4 bd 53 9a ed 9d 0d c7 50 b9 e4
                                                                                        Data Ascii: i&M}Pg&[%'yDlFO!dd~jOMU;t0klf5a.i0ofqMoD5B.1DUZ>:dFZM(&4XL=nvIn(vtKYgk j')2i7kGiCIPdMK63<E}SP
                                                                                        2023-09-15 03:49:53 UTC2435INData Raw: fd 55 ea 37 7a bb 27 0b bb 7d 5e 90 ba f7 6b 28 f0 a1 12 09 a3 b8 69 0f 79 8f ae 1f a4 be 2a 15 5c 3e 43 16 b2 b5 54 5b 98 c3 46 10 ac 9d 44 10 ac bc ea 1e 98 34 6d 59 7d ab 25 1f 83 f5 4b 6d cb bd 7b d3 b1 99 44 17 a9 7d 7b 10 b2 99 07 9a f2 b1 ef 71 47 bd 6f 52 de 80 cd 05 ba c3 0b 9a b5 bc 08 4a 37 c1 6a d0 c3 51 a8 68 39 51 27 12 b8 3f 6f 9c c4 30 a3 ed 47 42 cf 2d 3e 38 8e 13 bb 82 8b fb 36 a8 69 2c 98 30 22 db e9 36 ed 17 50 05 6f ee 47 42 e4 46 68 96 3a 13 70 34 3a d7 33 f8 bb 38 98 f8 a3 9a fd 05 ec 10 63 fc 67 2b 33 28 6e 12 62 cf 53 ca b8 e0 d3 c8 fd 79 b5 66 00 bd b6 56 04 63 b6 cc 58 4b 7f d7 bd c7 4a 10 b4 66 2f 2b b8 67 22 ab 62 c8 ab fb d3 31 b8 14 d8 31 cb 14 33 ec 57 53 b2 f9 84 30 3d b9 53 c9 f5 5c 68 fb b2 fb ed 17 7c 38 6b 2f 31 e8 d7
                                                                                        Data Ascii: U7z'}^k(iy*\>CT[FD4mY}%Km{D}{qGoRJ7jQh9Q'?o0GB->86i,0"6PoGBFh:p4:38cg+3(nbSyfVcXKJf/+g"b113WS0=S\h|8k/1
                                                                                        2023-09-15 03:49:53 UTC2451INData Raw: 93 2f 66 f3 f3 55 a7 fb 80 9c 05 d4 61 7d 7d df 90 8e b5 4d a9 8d 4f 01 88 4e 40 63 41 92 90 d5 bd 4c a9 97 5c 92 b7 43 50 15 d0 a2 47 7b 83 fb ca dd 54 f0 97 59 fe 14 a9 4c 43 df 50 10 ef 19 31 f8 87 13 3b c0 87 12 cc b8 86 89 7d 5f 72 c7 1d 8d a3 fb 46 5d 6e 83 39 af 6a 60 61 e8 bb 41 88 71 87 b4 02 47 be 07 74 ef 5f 21 62 dd 71 72 5d 99 4f e3 b7 0b e3 03 09 93 ec ea 58 bc 1b 11 53 f4 19 12 08 a2 7e 3c 04 3e ae 33 df 99 6e 73 9f 9c 6e 79 b8 8c 76 60 8a 4d e2 60 8a ad 76 1f e9 55 d3 10 c8 09 77 91 e9 48 65 62 b8 b8 ad 08 28 59 e6 46 68 08 b3 f0 a7 f5 7a 6b 60 55 eb 23 a8 23 dc b3 eb 4e 7b 88 3d 44 7b 37 47 a9 22 c3 d0 7d 9b 07 18 61 3f fb e0 03 94 07 68 4f 7b 65 9a bd 68 e0 ac 55 2e 14 28 9c 1a 00 68 95 87 d5 4e 5c 66 cb 5a af bf fb 66 c5 6e 37 08 b5 8d
                                                                                        Data Ascii: /fUa}}MON@cAL\CPG{TYLCP1;}_rF]n9j`aAqGt_!bqr]OXS~<>3nsnyv`M`vUwHeb(YFhzk`U##N{=D{7G"}a?hO{ehU.(hN\fZfn7
                                                                                        2023-09-15 03:49:53 UTC2467INData Raw: 0f 52 f8 18 47 a2 90 0c 47 a2 f0 ec a3 42 62 ec b5 42 62 ee b3 1c 65 ec b3 42 90 18 47 b6 90 18 47 b6 90 18 47 b6 90 18 47 b6 ec ec b3 48 6c 42 33 71 87 1c a9 81 3f 5e 40 55 88 83 90 d7 fd 13 05 80 5d 0a 40 ca 6c ee 92 42 fc e3 bc a9 39 13 31 f0 83 98 f5 51 87 5d bd 9c 7e e3 29 bd cb 1a b8 bd 54 13 48 ce 72 98 fd b5 3f 79 fa bc 7f 12 33 ec 67 41 39 bc 24 12 e9 b9 22 ff 31 fc 67 f8 9b 3d e4 46 b0 ef e2 56 40 7d fc 1b 54 55 8c 13 bb 36 27 17 e9 e9 e4 03 98 bc 9f 31 b9 fd bf 17 e6 fe 33 87 4a bb 73 9a f5 59 1c 10 5c f9 87 b8 c5 be 8b fb d0 94 6e fb a5 9f 6e 66 39 b4 de 18 4a be 4b 9a f5 fd 8f 98 fd b1 3f 9e d9 ad 22 13 58 55 48 d1 4d 42 e2 46 ba 51 9f 1a 58 55 24 af 4d 42 2e 92 b9 55 ed d4 4d 42 3d 8d cd 37 45 f2 b8 0e 8f 13 e8 55 62 c2 b9 f5 e4 5e b4 df 6c
                                                                                        Data Ascii: RGGBbBbeBGGGGHlB3q?^@U]@lB91Q]~)THr?y3gA9$"1g=FV@}TU6'13JsY\nnf9JK?"XUHMBFQXU$MB.UMB=7EUb^l
                                                                                        2023-09-15 03:49:53 UTC2483INData Raw: a2 b5 eb fb eb 9e 62 f8 c1 56 67 92 bf db db d2 b9 1d 6a fb 43 dd 4b d1 b1 9f 5e d3 b1 ed 87 9f 38 3e 8d 0d ab fd 2c 92 f9 1c 64 23 7e f8 a4 f3 b1 76 6e b5 b3 37 22 ec e9 30 3a d3 9d 1f 7e 5f 5d b6 9c 53 5b b6 76 f8 b8 aa a9 56 07 bd e2 56 07 5e ce 19 d8 ad 67 fb 60 fe 6c 75 fc 51 5a 13 d2 42 07 3a 87 ee 6f 77 ba 1c ce 48 e8 3e 83 73 ee 1c 2f ab 0e e4 6f 20 7d fd 28 e7 bc d9 cc b2 ba 34 22 8f 35 f0 e7 1f 50 c2 ef 05 e8 55 b6 93 cf bc 4c a5 87 d5 a7 fa eb bd e2 13 f5 1d 90 06 50 09 3c 13 a0 7a 2a ef 39 b8 8f 12 e9 30 22 13 04 55 5e 12 4e 42 07 c3 bc 6b 38 53 d9 01 3d fb 1d ce b5 15 b9 b9 90 13 b8 bf 69 f7 b8 bb 0e 19 1a 96 0f 19 31 f8 9f 52 b9 3d 8d 07 e2 4d 0a d8 19 3c eb 93 0b d4 89 1e a8 f0 8d 11 11 5f 6d 93 22 56 2e 31 3a 24 14 f2 b9 9d ed 52 5a b9 0f
                                                                                        Data Ascii: bVgjCK^8>,d#~vn7"0:~_]S[vVV^g`luQZB:owH>s/o }(4"5PULP<z*90"U^NBk8S=i1R=M<_m"V.1:$RZ
                                                                                        2023-09-15 03:49:53 UTC2499INData Raw: b8 85 6f 66 be 42 7a 47 0d bd 3c 13 8b 74 1a ef 33 e8 6f eb 33 ff 6b 43 50 f4 fc 13 47 42 60 ad b0 38 a6 67 ea b5 ac 12 53 c2 ca 12 c6 1d 6e 98 a8 b5 3e fb 9e 9f 6d 03 3d 6f 6b 66 a4 bc 67 5b bc ec 87 70 f9 1c 6e 03 ea 55 b4 89 49 b7 97 b3 31 fc 6b f8 f0 d8 6c 24 da be ee 72 b1 e8 93 41 50 54 fd d2 bb 9d 6f 96 78 c8 71 73 b2 ec 87 15 91 6c 6e 83 ba f7 6b 28 b0 c8 6d 18 29 bd 2a ef 31 ff 6b f8 7e 7c 0f 17 b8 be e6 42 bc 95 63 e1 b3 bd 63 9a f5 49 e4 56 4c 36 ff 1b 33 ed 6b b3 b4 34 3a e3 b6 05 9b fb e9 7d 78 63 a3 7c 68 1b c9 be 53 43 bc 6c 6f da a9 42 60 ec b7 ed 87 c5 b1 7d c2 e0 b7 8f 4a 12 fe 9d 6e c2 b0 0b 7f d2 b0 b9 60 f1 08 22 5d 03 cc 89 6b 7f 51 27 fd 35 6b bc 9b c3 b9 5c 7f af b3 ef 6d d2 b6 a1 6e 17 e9 b9 3d fb 7a 64 ce 12 b8 ed 87 b2 9a 2b fd
                                                                                        Data Ascii: ofBzG<t3o3kCPGB`8gSn>m=okfg[pnUI1kl$rAPToxqslnk(m)*1k~|BccIVL63k4:}xc|hSCloB`}Jn`"]kQ'5k\mn=zd+
                                                                                        2023-09-15 03:49:53 UTC2515INData Raw: 8e 19 8e 13 28 bf f3 f3 c4 88 51 a3 13 a2 2e 41 f9 ae 2d 41 39 bd bc 0a 48 55 3a 80 d8 bf b7 48 5e 11 41 3c f5 59 cf 47 94 cd 14 b0 ec 41 aa 1b 7a 7e 6b 20 f8 7d 84 7d 33 f8 77 a3 be a9 6a d3 12 ad ef ac b4 ed 87 18 dd b0 2e 6e a8 e8 a8 52 ba f4 e4 5e 98 a0 6f 11 a4 bd 6d d8 ba 2c a3 fb 6c d9 4a 12 bb a1 1a a4 a8 30 7f f7 50 76 f4 51 b9 7c 6c 1f 59 3c ef a8 f0 f9 1b 91 ce a1 92 54 6a 32 f5 10 bb 42 f9 e1 5b eb e6 12 b3 c9 69 51 53 b8 86 5c e8 ab 2f 90 c5 a5 6f 6d a4 fd 67 98 b8 f0 77 28 f0 95 10 02 3b 9d 12 0f b8 c3 64 e3 73 36 2a 13 a4 86 2d 3f c6 b8 86 3b a9 df 6d 03 b8 c1 8f e3 a8 be 22 9e 00 bd 77 98 ed b1 54 59 90 c3 6f 16 51 b2 6d 13 b8 3e 12 13 ac bd 13 1d 33 f8 7b 10 b8 f8 73 98 f5 b1 54 52 94 bc 6f d3 4e bc 6f 13 33 e8 67 13 33 f8 63 98 f2 b5 54
                                                                                        Data Ascii: (Q.A-A9HU:H^A<YGAz~k }}3wj.nR^om,lJ0PvQ|lY<Tj2B[iQS\/omgw(;ds6*-?;m"wTYoQm>3{sTRoNo3g3cT
                                                                                        2023-09-15 03:49:53 UTC2531INData Raw: 3c f0 f6 c9 bf 08 0e dc 9d 70 4a d2 5b 74 4a c7 8b b2 a5 36 8c 46 6b 76 4a b9 a0 36 c2 b0 04 11 86 df 6d dc 9d ba 6f e3 9d ec af 9a f5 41 e4 56 44 0d 4e de b9 14 99 34 a2 eb 97 bf 74 dd 6f 45 87 95 6e 73 7f f8 ef 90 c0 e5 6f 1c b0 38 90 16 fb 9f cf fb f5 f9 c4 a1 ec ce c6 b3 78 ab ef 62 9a 6a 3f 12 30 35 2a b4 3e b7 cf fb 1d ad 6e 06 18 9f c8 c3 d7 99 2f 11 50 18 95 12 09 ad 9f 90 c5 4d 6f 6f b6 ba ce 38 68 13 0f 12 26 49 90 ec 51 8b ce c3 bd 39 6b dd d8 be af 72 1f fa c5 13 e8 d8 1a 81 bb d6 fd 10 54 8c 0b 5a 2a be 22 ff e9 ba 87 77 29 be 08 06 2f be fb 80 bb f0 2f 41 3d 7d 60 5f 3d e8 df 35 0a 2e f3 41 bc bf 1c 8e bb bf 03 13 ba e9 bf 41 b8 34 ea b2 cb ce 2a 8c eb 28 17 48 aa bc de 1f a8 be 45 5f d4 43 3f 11 79 d8 e4 9e e9 bd e6 47 f5 6d fd 16 20 28 6a
                                                                                        Data Ascii: <pJ[tJ6FkvJ6moAVDN4toEnso8xbj?05*>n/PMoo8h&IQ9krTZ*"w)//A=}`_=5.AA4*(HE_C?yGm (j
                                                                                        2023-09-15 03:49:53 UTC2547INData Raw: 38 b9 df 69 51 0f cd 55 60 58 ff 2f 47 8d 15 5e 60 aa 53 23 bd ec 54 00 48 32 3f 8b 50 ec 2e 10 9a ef 9c 55 47 9c 77 a2 8b d7 6e 7b 68 bc 2f 3e d9 b2 54 a3 bc fd 27 cf 9a f3 b7 9a 5e ff 8f 76 ba b8 1a 3e b8 b8 db 2c fc 86 36 f2 ba 51 a3 21 b4 28 67 ce 58 bd e4 43 fd 5d 84 38 5a b7 63 22 a3 7a c3 56 64 dc 6f d2 ba 02 a4 11 08 7f 6d 95 64 62 db ee 0c fd e6 5e 78 1d 46 10 1c ba 8e 73 d2 85 e2 56 70 ed 7f 79 ba d5 85 a2 e2 f0 af fb 39 ad ce 13 3b 45 90 67 ab 7d 6f fb 7f fc 7f 90 bf 79 0e 13 29 d5 cd 10 60 36 2a d7 47 b8 90 16 58 fc 6c ed bd a3 7b ec bd 42 6a ec bd 45 6a 10 00 b5 2a d7 b8 bd 6f d4 fd 5d 6d 12 b8 dd 05 2b 35 f8 a7 43 d2 bd 6d 7b 52 be 6f 13 33 f0 67 d3 50 09 6f 2b 3b 45 90 67 9a ae 6f 23 7f fc 7f 10 10 79 6e 0a b8 a5 84 14 b8 9d 6e 2f 33 f8 ab
                                                                                        Data Ascii: 8iQU`X/G^`S#TH2?P.UGwn{h/>T'^v>,6Q!(gXC]8Zc"zVdomdb^xFsVpy9;Eg}oy)`6*GXl{BjEj*o]m+5Cm{Ro3gPo+;Ego#ynn/3
                                                                                        2023-09-15 03:49:53 UTC2563INData Raw: 93 17 c5 11 b1 bc 6a 27 93 b9 66 14 b9 89 89 f1 b9 94 2e 23 6d aa 6d 35 78 c2 ad 0f 0c 4b 95 57 9c 80 2d 37 ba 89 d9 1f 8c f5 e2 56 70 3f 67 59 4e f9 c9 12 2b 3d 61 d3 8c 57 96 d7 e7 c8 47 52 bd 67 44 11 ac 18 6d 07 f9 a7 04 52 a2 7c 62 47 5a 4f aa 69 e7 bc 71 10 7a b4 92 32 79 ad 67 42 50 78 af 12 b7 03 4f 03 3d 6f 1b 31 7d 8c 8d 14 ab be 54 d7 89 de 7d d1 89 56 2d f8 da 9d ac bd 40 55 af 51 b0 7b 8f 52 1d f9 67 33 3a f6 3a af 7a f5 d3 11 a0 35 e4 43 bc fd 69 9a b0 34 ad 12 38 36 8a 4e 7a ad 6f df ba bd 6f 46 33 51 ec ff 9c 34 22 03 64 30 2a eb f8 ac b3 fb 83 b7 9a d7 2d af aa 26 cc 8a e2 46 9a 4d 6f 00 64 55 20 d0 be a9 87 85 4e fd 88 d0 8a a6 8e 11 7f ad 2e 36 39 5c 7b cf 50 46 9b ec 47 1c 7f c3 f1 56 28 9e dc d1 67 31 b1 1f 33 79 d2 5d 26 fb 5a e1 1c
                                                                                        Data Ascii: j'f.#mm5xKW-7Vp?gYN+=aWGRgDmR|bGZOiqz2ygBPxO=o1}T}V-@UQ{Rg3::z5Ci486NzooF3Q4"d0*-&FModU N.69\{PFGV(g13y]&Z
                                                                                        2023-09-15 03:49:53 UTC2579INData Raw: 7e f8 93 12 33 bd 22 8f 33 2c f3 13 b8 bd ef 41 33 f8 f3 98 30 25 6f 5b b8 ec 05 13 d2 bd e2 5e 74 bd 87 7c e9 4e 90 98 ed b5 6f 9a ed 09 e4 56 b4 34 2a 13 00 36 22 ab e9 36 3a a7 ba ef 6e 7f db d1 9c ec e8 42 6f 06 4c 04 3c 13 3d 7d 1a f3 92 7a 2a a3 47 bd 6f 13 1a bd 1d 9b 54 55 fa 13 02 7a 2a ef b9 99 6f 9e f5 61 87 d5 b5 48 90 73 33 f8 df fa 0e bd d5 13 58 3c 6b d2 00 bd 7f fb c8 9b 6f 13 b8 3e 87 12 31 f8 87 f8 b1 b5 e4 56 50 be 65 90 c5 55 6f 33 c4 d1 e2 5e 04 bd 06 fb ea b8 68 3f 3b bd 43 98 b0 55 d3 c2 ba 42 6f 5a b0 34 2a bb 33 f0 ef 1f 31 f0 c3 98 ed 11 6f ab fc 15 3f 13 88 55 bf 78 b0 2f 1b 93 9e 36 22 fb 31 f0 cb 16 29 b7 6c 18 29 89 6d 82 1c 56 48 f8 28 38 a8 56 18 b4 32 c9 40 b7 7b 11 b3 bf 7b b3 33 f0 9b 77 31 bf 62 13 fc bd 36 98 5d e0 ad
                                                                                        Data Ascii: ~3"3,A30%o[^t|NoV4*6"6:nBoL<=}z*GoTUz*oaHs3X<ko>1VPeUo3^h?;CUBoZ4*31o?Ux/6"1)l)mVH(8V2@{{3w1b6]
                                                                                        2023-09-15 03:49:53 UTC2595INData Raw: 98 0e 77 fb 33 c3 8e 40 e8 bb af fb 88 cb 92 b2 d7 cd 7b ab 78 b7 3d 1e b8 9a 8f 32 9f ad 67 fb 06 c2 77 19 b4 55 ed bc 58 bd e4 56 58 54 21 23 bd a6 1b 2d d9 bc d7 73 b9 0d 75 cf 50 22 6d 44 09 a7 db 98 ed 09 e6 46 fa 0d bc 85 08 55 c5 4b dc 9c 5e 71 ed df 4e fb 50 b5 9f 32 db 9c b3 ff 50 51 4f 10 89 bc 1b 23 b9 dc 4e 42 b3 94 0f 32 7f ed 0b 32 6c 6c 4a 90 c5 9f bb 71 99 b1 87 5e 1b bb bf fb 82 89 cd 15 14 2d 43 63 90 1c 4c 98 f5 bf ab 71 99 79 e4 5e 10 55 59 b2 8b ba bb fb 95 a7 0e 32 1c dc 4e 69 1c de 4e b7 d8 e7 4f 1e 98 ce 0f 32 60 96 fc 6c db 9c ab 77 99 79 0f 32 68 55 41 40 b8 bb 7d 60 d8 9c a3 2a a9 17 11 de 82 ac f4 f3 b8 4d 4a f8 85 ec 3f e1 a7 3b 7e c3 98 2d 70 fb 50 1d 39 82 a7 10 ff d9 48 5e 42 f1 bb d6 84 10 e4 5f 6c bd 70 f1 70 14 7d 4e 71
                                                                                        Data Ascii: w3@{x=2gwUXVXT!#-suP"mDFUK^qNP2PQO#NB22llJq^-CcLqy^UY2NiNO2`lwy2hUA@}`*MJ?;~-pP9H^B_lpp}Nq
                                                                                        2023-09-15 03:49:53 UTC2611INData Raw: 94 ed 92 33 bb ed 8c 00 b8 a0 6f 17 33 38 8e 11 7f bd 0b 29 ee be af 00 1b b9 ee d2 08 bb 6f 13 18 55 ed 8b ba bd ef 18 bc 38 6d 57 c0 b5 ef 11 e3 ba 9e 32 b6 b8 27 d4 fd 5d ae 19 d0 9d 8f 1e d2 ad 6e 9e 35 7d 2f 17 e9 55 a2 09 ec 7c 64 5f 9a a9 ce 13 31 28 27 02 9b a9 69 98 3d 9c 6e 43 35 f0 cf fb e9 55 88 9f da b5 67 b0 be 70 8f 34 49 5d 7b 33 bb 55 51 33 b9 3d 04 53 58 0f 3c 13 d0 89 6f 18 35 fd 22 ff 50 77 6a e1 39 b8 66 53 35 e8 83 41 d0 f5 ee 11 3d ff d3 32 b1 55 5e 01 4d dd 62 57 9b 7f 49 b2 b8 34 e2 53 db b0 65 98 7e 28 4e 12 18 20 87 fb 94 9d 4e b1 bf bf e2 92 be 55 d2 15 49 42 e2 93 fd 55 3f fb cc e2 92 77 b6 2b a5 53 ba d8 61 5f 78 b6 07 77 ba b2 4f fb e9 30 fa ab 19 b5 87 2a 89 1d 7a 9a 3d 81 ad 28 19 bd e6 96 9a 85 8c 1f b3 36 e2 32 b9 ec e2
                                                                                        Data Ascii: 3o38)oU8mW2']n5}/U|d_1('i=nC5Ugp4I]{3UQ3=SX<o5"Pwj9fS5A=2U^MbWI4Se~(N NUIBU?w+Sa_xwO0*z=(62
                                                                                        2023-09-15 03:49:53 UTC2621INData Raw: b8 d8 cd 86 39 bc e4 31 bd 3d 4f ee db 1f aa 76 1a 5f 45 72 b3 5f 44 73 24 3f 6a e4 1a b5 af 09 db 1f a2 7b 1a 93 48 f1 bd ff 63 e8 58 8b 0c b1 6d de cd 70 e2 7f 4e f3 8f 7f 4e e4 58 8a e5 02 db 1f aa 70 1a 1c 33 7d a5 df cd f7 fd 19 8e 5f fd 19 6c 75 7a a1 ed 66 e1 3f 2e 90 52 9d e1 11 cd 38 2e 3e 3b e3 87 33 ea 3f 1b 2c 1e 8c c9 b3 3a ed 7f 9b ea d7 6e 43 32 ed e4 86 a9 83 2c e3 e8 bc 2f 43 50 56 82 62 be ad 29 42 78 bf 00 55 ea 36 e2 a2 87 ec 2b 98 2d fc 2d 41 50 03 af 11 51 99 b9 e9 49 b1 77 43 a8 be 22 0b b8 3e 83 1b 65 fc 77 ce a4 a3 4b 13 bf 1d 6c a3 ef 0f 6c 98 f0 81 6c 53 bb 2f 6f 51 80 ed 87 35 56 94 ff 03 25 15 2d 73 a0 2c 20 46 a0 dd b6 fb 64 df 4f c2 bb 1d 6c 56 21 1d 6c 56 ac 9a 34 55 bc 85 3e e1 b1 e5 b2 8e a0 cf 0a f3 b7 c9 ad 07 b4 a5 e6
                                                                                        Data Ascii: 91=Ov_Er_Ds$?j{HcXmpNNXp3}_luzf?.R8.>;3?,:nC2,/CPVb)BxU6+--APQIwC">ewKlllS/oQ5V%-s, FdOlV!lV4U>
                                                                                        2023-09-15 03:49:53 UTC2637INData Raw: 38 eb ec d2 bc f9 3e 93 d2 36 25 2f 50 5b fd 31 b8 f4 ea 6f 38 6a ec ae 39 bf 0f 13 b7 31 28 12 38 ff 6d 15 b9 39 11 01 bb b9 6c 1c 3c 5b ef 53 fc 54 43 13 b5 30 2a b7 b2 8d ab 11 f2 3c db f7 93 75 e6 5e 78 99 1b 43 39 a8 2d 5f b8 a4 af 42 18 d7 6e 9e ed 21 25 38 21 3d 65 53 e8 42 7a 0f 0e ee ef 2a a8 bd 56 56 78 c9 4f fb 1d a5 22 d2 fc 25 6b 9e fa b6 8b a7 f8 b6 2a 0b 20 54 9f 93 a4 bd 36 d5 f8 fc 6f 12 33 f0 83 9e ed 56 54 9b 72 c9 71 93 de 34 2a 87 37 b6 67 87 51 7c ef 18 3b c0 af 13 a8 cb 6d f8 82 fb 2b 90 40 9d 7b 60 b7 fb 3c 63 f8 b9 84 0e 50 b7 5e d1 a4 2d 60 02 28 56 10 f8 32 d5 eb 60 32 7d 25 fb cf 89 2a 62 aa b6 2e 62 2d c5 af 18 53 b6 87 3f 48 aa 2e 5e b9 be e4 51 b9 34 2a 91 34 b2 7c 9f 53 8f 87 d4 b9 b7 6b 56 30 b2 68 9b 53 a8 86 38 a0 43 90
                                                                                        Data Ascii: 8>6%/P[1o8j91(8m9l<[STC0*<u^xC9-_Bn!%8!=eSBz*VVxO"%k* T6o3VTrq4*7gQ|;m+@{`<cP^-`(V2`2}%*b.b-S?H.^Q4*4|SkV0hS8C
                                                                                        2023-09-15 03:49:53 UTC2653INData Raw: b8 1d 22 6c e8 bd cf 73 b8 44 0f 13 98 e5 ef 43 b8 0a 0f 13 ae 3c c7 43 b8 c8 0f 13 69 dd 6f 38 78 32 6f 13 b9 bf 6c 17 bd bb 63 82 bc bd 68 1b b1 5f 6f 19 b3 5a c8 91 e9 1c da 5e 44 55 8e e4 d8 a5 ef 56 b0 3e 8f 12 cc b1 8f 12 b8 ec 87 45 0c bc 6f 90 7c 0b 6b 32 01 5d c1 17 5a 13 8c be 80 5a c2 1b 3b 51 77 83 15 61 e4 56 64 b5 ec d3 a8 7d 40 ff 50 54 08 17 42 42 4b ba 33 f0 b3 90 c1 bd 63 13 cd a6 a8 56 50 43 ec 73 a5 fb 71 ff 50 ae 07 e9 18 b2 6f fb 53 eb 07 5b e0 eb 6f 13 33 e8 b3 98 fa b1 3f ec b8 a8 fb a1 eb bd e6 56 48 15 ec 6e 48 1f 69 f7 14 bb b2 73 b3 bd e4 56 5c 56 4f 98 f5 b1 6e b3 6b b5 3d ec ed 4d e6 56 52 5d 47 17 03 9f 6b f3 13 94 e8 db 5b a4 d9 7b 47 a4 88 0a a1 42 76 b3 bc fe 8d 1d 95 5c 76 4f 47 a4 c9 15 b5 43 76 f8 de 14 90 0a d0 7d 86
                                                                                        Data Ascii: "lsDC<Cio8x2olch_oZ^DUV>Eo|k2]ZZ;QwaVd}@PTBBK3cVPCsqPoS[o3?VHnHisV\VOnk=MVR]Gk[{GBv\vOGCv}
                                                                                        2023-09-15 03:49:53 UTC2669INData Raw: 51 af 8e 18 ba 3d 4b ba 9b be 64 0b 39 b9 2b 53 b9 ec 4b 11 ba c4 4f 11 33 75 87 f1 dd 42 5f ec 31 38 0f b2 ae df 7b 98 3a 1b 37 d1 8e dc 6e 10 39 5c 7a 2a 1a be a5 60 98 b3 2c 3c b6 2e 7e 32 b6 bc 6c cf 51 1d ed 53 11 b5 6a 0a 36 7d 79 30 b2 b9 e4 82 99 b7 ec d1 b9 ef 87 97 5d fd 8e 53 bc 34 ea 2f 9b 9b 1b 98 35 bc 6e 9a 18 2a 0f 50 da b8 e7 96 d9 b8 e6 93 5d b1 e4 11 e8 9d 64 52 98 26 7e 41 50 d2 2c f0 ff f8 db 1f 33 fc 15 1b d8 be ab 1f bf 7d 63 3b 7e 38 54 53 b9 bc e4 07 56 ad 30 92 ac bc 6c 3a 85 51 e2 f3 83 5d 86 28 5c e6 6f 3b 5d c2 ea 12 9f 14 53 03 d8 f6 a8 2f fd 4d ee 12 fd a1 4e 12 fc a1 a1 60 dd ff 73 47 09 ba bd 07 f0 a1 7d 12 98 92 0f 0e fb a1 18 52 3a bc 28 73 b2 54 a2 04 88 f0 1c 08 8a bc 3c d3 ba 30 e2 37 e3 0f 5e 00 b9 7c 7f 12 c8 a6 45
                                                                                        Data Ascii: Q=Kd9+SKO3uB_18{:7n9\z*`,<.~2lQSj6}y0]S4/5n*P]dR&~AP,3}c;~8TSV0l:Q](\o;]S/MN`sG}R:(sT<07^|E
                                                                                        2023-09-15 03:49:53 UTC2685INData Raw: 61 bd 02 bf 63 e0 c7 ca d5 0f 27 99 f5 15 6f 72 30 b7 67 9f 1e b8 6f 16 1e b9 6a b3 61 d0 cf c8 b8 e0 f3 ca d5 1b e5 56 24 e4 6e 9f f9 bc 2f 51 9d b8 f5 33 bd 27 6e 37 bd 29 b6 7e 2c 66 32 83 f8 64 02 89 32 e8 ff d3 d6 35 5d 43 e9 d0 e0 ed f6 d0 88 20 a4 42 7f 06 e4 0a 3c f3 96 ad ec fa 08 ad f6 e4 41 dd 5d 36 ba a9 4a 11 ba 41 4c 11 9d ba 6f 13 38 c4 6f 16 f0 3e a7 eb f8 7c 8f 15 bc 9d 11 e7 ba 51 e4 46 a8 d6 2d c1 d8 b2 97 d4 fd 55 6b 2d fd bf 87 31 1b 55 ec 6e 50 ad 60 57 35 94 2f 2e 7f f8 8b 77 bb f0 67 f7 3b 7c cf 28 5c 3e 12 f7 bd dd 6c 1b 79 fd 3a e7 bb e8 8b 30 d8 b5 ef 09 bb f8 87 53 fc 45 6c 33 fd b5 60 a5 bc 5d a0 e3 bb b9 22 f7 38 2d 6c 46 50 7c 8d 13 bf b2 d9 9f a9 15 cd 45 38 bd 60 bc 79 24 d6 ec 78 b4 eb e4 41 da 68 5e 44 be 22 73 bf bd 22
                                                                                        Data Ascii: ac'or0gojaV$n/Q3'n7)~,f2d25]C B<A]6JALo8o>|QF-Uk-1UnP`W5/.wg;|(\>ly:0SEl3`]"8-lFP|E8`y$xAh^D"s"
                                                                                        2023-09-15 03:49:53 UTC2701INData Raw: 78 bf af 9e fd 4d 3f 81 64 f8 de 13 04 5d 6e 14 d0 8d 2f 10 35 bd 22 e3 50 f1 7f fc 47 d7 0e 81 b8 5f e1 fd 47 ed 64 41 bc 21 74 47 bc cc 6e b9 c8 bc df 13 b9 30 22 0b b4 55 f1 a0 b8 4d 6d 03 50 2f 68 a3 b8 ed 60 33 af 42 e2 5e ac 55 4d 90 58 bd e4 56 64 3d 0e 77 31 d7 62 52 a9 e4 2e 07 a0 51 2c e7 ac db a2 e4 ac ec b0 07 7a c5 a8 13 c9 b0 aa 65 7c f0 9f 72 b1 e2 e3 fc 9d ba 7f 12 14 55 2f 93 a8 46 69 d0 4d a0 d7 62 60 bc 99 7c fc 34 22 af 3b c0 67 43 b8 b2 eb bf 7a b9 d3 d2 bc 1b c5 0d 39 98 8f c7 b8 19 bd 13 5c 2c 63 47 51 39 4e 04 50 1c 6f ed 1a bd 83 5f d2 bc 1f 45 08 ac 87 42 58 10 3d 12 09 1e e2 5e 78 ec 87 93 4e bd 95 ec 33 ad e6 46 68 36 67 5b bc 34 8f cf e8 b5 e6 46 a8 65 e4 53 b4 fd 52 98 f5 6d 32 91 20 69 2d 6e 88 a2 2f 4a 64 cc 48 46 b2 a5 9f
                                                                                        Data Ascii: xM?d]n/5"PG_GdA!tGn0"UMmP/h`3B^UMXVd=w1bR.Q,ze|rU/FiMb`|4";gCz9\,cGQ9NPo_EBX=^xN3Fh6g[4FeSRm2 i-n/JdHF
                                                                                        2023-09-15 03:49:53 UTC2717INData Raw: 18 bc 63 af b8 a9 64 d3 cd a6 e4 5f 9c bd 7b 98 fc 99 7f 20 6a 4a 65 e2 b8 85 63 13 90 7f 5c c1 f7 fd 16 5d 53 ee e4 cb ba cd 3b 17 9c ad 6e 73 69 56 be ca 69 3d 85 c2 60 b6 b4 66 4c bd ff 53 70 4a 0b 37 a0 2c 6f 1b ac 9d 6c c2 ca b3 54 13 f0 ca 67 10 b8 b3 6f 43 ce b5 44 57 9c a9 3f 08 ec 99 77 13 b6 b1 6f 1d a8 bd 20 6a bf 4a b5 e4 60 3e 6f c9 b8 e2 34 d1 a8 bd 90 43 9d 09 da 40 b8 b7 d7 11 bd 01 3a 11 bd 7d 6d 16 7c bf 6a db ba b8 a3 46 ba b8 bf 11 bd 69 6d 16 60 bf 6a cf ad bf 6a f3 ba b8 8b 11 bd e1 d8 40 bc bd a3 15 b8 ec e2 5f 9c b5 6f 38 70 3e 8e 1c bb 7c 74 13 71 b6 ae 4a 51 67 93 ec 92 42 69 06 bf b8 7a d7 b8 a8 90 36 12 55 ed 33 54 3f 6d e3 3a bf 9b 91 ba f7 97 91 ba 41 ed 11 b8 0b ee 11 bc e8 ed 11 b0 3f 6d 1f 3a bf 7f 91 ba a9 3a 91 ba a5 ed
                                                                                        Data Ascii: cd_{ jJec\]S;nsiVi=`fLSpJ7,olTgoCDW?wo jJ`>o4C@:}m|jFim`jj@_o8p>|tqJQgBiz6U3T?m:A?m::
                                                                                        2023-09-15 03:49:53 UTC2733INData Raw: 5b bd 65 31 3a 7c 7d 9e b4 43 ef b2 a3 7b fd fd 38 bf e7 eb 38 bf bf d4 b8 9c 47 9e 44 40 ef 11 7d 3f 6d 67 41 14 2f 12 62 1b 6e 17 18 bc 6b bc 1a bf b5 97 f9 bc cb 53 b9 db 59 7f 98 bf 8f 18 1a 8f cf 19 33 f7 8b 33 b9 95 4e 1e 22 85 4e 1e a0 9d 6e f9 c3 30 1f 73 82 e9 86 76 9a b4 07 52 b9 e7 46 1a e8 d4 6c 2d 50 28 4e 1a 54 5c 70 33 b9 05 75 b7 99 b4 a1 33 b9 5c 2a cf 51 95 e4 92 bf 9d 0d 33 5a bd a7 fa a0 95 67 47 f2 05 ef 15 11 3c 69 f3 39 bb f6 40 98 bc ee 35 bd 3b e3 35 3e fc 6b 1f f2 59 2f 17 ce fc 6b 9e 68 7d 21 fa fc 72 a9 12 b2 51 86 d4 59 bd e2 b9 74 fc 6d af fa bc a7 52 b9 0c 2f 12 0d bb 7a bf 7b e9 50 11 ad fc 71 26 b9 b7 25 43 b9 b7 4a 11 b2 39 95 53 be c3 fa b1 bf 3d 2e 12 cb ff 6e 77 43 fd 6e bf 30 18 2d 3d 19 bf 32 b1 ba c5 2e 12 22 ef a6
                                                                                        Data Ascii: [e1:|}C{88GD@}?mgA/bnkSY33N"Nn0svRFl-P(NT\p3u3\*Q3ZgG<i9@5;5>kY/kh}!rQYtmR/z{Pq&%CJ9S=.nwCn0-=2."
                                                                                        2023-09-15 03:49:53 UTC2749INData Raw: 9c 7c 63 0c 3a bf c5 5b f9 b8 7b 91 ba 95 ee 11 b1 7c 5c b6 bd 91 cf 10 94 5a 78 12 94 49 ae 6c 91 fd 6d ab 24 bc 43 de f8 bf e2 5e e8 09 86 ca e1 f5 12 b7 38 b5 d5 5e ba b6 b3 d2 c7 bc 64 23 d8 bd 64 b3 bd fd 6d df b8 bd e4 56 5c ed 87 59 35 bd 6c 4a be f8 25 fb f8 b7 e9 66 f9 b7 33 52 b2 cb 2b 19 bb bd e5 80 d9 a8 6e 1a 78 bc 66 42 bd b4 e2 5e 08 7d 90 36 5c 09 3c 13 be b7 ae 9a 6a 85 6e 19 ac dc 6f 19 90 f7 7c d2 b3 15 63 fa 90 b4 43 e3 38 b6 66 92 b3 cf 2f 92 b3 44 79 98 b3 7a 70 12 91 5c 06 53 bf 05 f7 d2 b1 6c aa 1a 72 ba ae 06 79 ba 9f d2 bf 0c a9 14 f5 4d 86 1b a0 54 99 52 59 3e ae 1f 51 2b 42 92 ba 34 8f 9d 39 b1 4b 71 79 c2 3c 53 ba fc 64 f9 50 31 67 78 39 b5 3f 06 39 b5 34 33 b9 30 2f 17 0f fa 82 46 ff b9 83 53 bc f5 2e 17 c4 fc 6b 2b bd f9 6b
                                                                                        Data Ascii: |c:[{|\ZxIlm$C^8^d#dmV\Y5lJ%f3R+nxfB^}6\<jno|cC8f/Dyzp\SlryMTRY>Q+B49Kqy<SdP1gx9?9430/FS.k+k
                                                                                        2023-09-15 03:49:53 UTC2765INData Raw: ca bd c3 fa 7f cf 6f bb 51 9f d0 61 b8 19 86 a4 ca bd cf fa da 12 1d 13 24 54 c8 63 b8 7b 7e 4b ed 9e 42 26 e9 ba eb 42 bf 98 3d 14 48 f9 86 92 6a bf 83 fa c1 cf 6f f7 ac 54 1e 47 bf d4 1d 13 64 54 0e 56 6c b5 36 61 b8 69 86 42 ca bd bf 57 51 f4 1d 13 74 54 2e 61 b8 75 4b fa 81 65 69 59 38 1d 69 d9 18 08 6e 33 5b 1d 69 a9 28 bd 90 0c b0 3f 6c 44 48 a2 1d 13 48 a2 be e0 af 4d 1d 13 54 39 86 fb ca bd 8b fa a8 a9 93 04 d2 cc ee 16 c4 3c 6a 72 28 bd 4e 10 55 17 7c ef af f3 4e 11 60 9c 6d 2d 28 bd 42 72 b6 27 be 17 41 f0 44 32 ba b9 8b 96 98 bf 74 fd b1 71 e2 9e e4 ac 48 8b dd d3 93 0b ac 2e 13 e0 27 68 0b c1 51 2d 6f ab 88 ac 6b ca 28 bd 4f 10 11 9d 79 fa ba 94 6c 27 fb aa af 92 ba e7 33 92 ba 0d ee 11 a8 cf 63 a0 b6 3c 0b d2 d0 3c 19 ed 68 05 66 f2 b3 32 da
                                                                                        Data Ascii: oQa$Tc{~KB&B=HjoTGdTVl6aiBWQtT.auKeiY8in3[i(?lDHHMT9<jr(NU|N`m-(Br'AD2tqH.'hQ-ok(Oyl'3c<<hf2
                                                                                        2023-09-15 03:49:53 UTC2781INData Raw: e7 2f 30 75 15 6f 60 67 28 b3 18 12 cb 2d 6d 66 08 bf 34 62 f4 cc 6e 71 28 bc 7e 02 d9 ed 7f 77 64 bd 2a 4b bb 8c 6c 02 ad d8 50 1c c0 b1 79 57 ca b9 fe 11 d7 ad 64 13 b8 ff c4 43 ba ac 78 74 aa bc 1a 03 ba d9 1d 15 09 42 6c 29 b8 f1 7f 11 c9 ba 3f 21 b4 53 1c 21 a1 2c 3a e2 ed ee 1f 13 89 9b 7e 10 ee da 1f 12 0d ac 2e a1 b1 d4 7d 32 ec 02 5d 1e 4b af f8 16 87 bf 5e 11 47 ba 55 23 be 03 0e 21 ba 42 68 ec bf c8 76 6a be df 1f 1d 17 e8 26 20 1f 4c 6f ca 89 bd bf 07 ca ef 73 b9 dd c3 fe 13 08 ba 06 c3 b7 d8 3f 12 47 6c 44 22 a7 e2 6d 12 b8 84 6b 6a b9 42 6c 08 ba 42 16 10 c7 3c 50 17 8f b9 b0 11 45 b9 3a 1c 47 be 90 ca b9 82 67 84 a9 02 6c ac bf 82 68 ea e7 82 6b ec 43 ba f6 11 c1 b9 16 12 47 be 72 11 87 b1 d0 5c af c2 6b ac b4 86 6a 77 8a 81 0e 13 e4 d6 3f
                                                                                        Data Ascii: /0uo`g(-mf4bnq(~wd*KlPyWdCxtBl)?!S!,:~.}2]K^GU#!Bhvj& Los?GlD"mkjBlB<PE:GglhkCGr\kjw?
                                                                                        2023-09-15 03:49:53 UTC2797INData Raw: a9 7e 67 e9 98 fd 6a 7c f8 bc ae bf 7b a6 ae 1f f5 b8 19 47 7a a6 ae 10 df 7d 6f 52 a9 7e 4e 63 6f fb 70 d8 91 74 7c 40 78 c9 06 d7 9d 78 6d 78 71 ba ae 6c 98 ff 61 67 78 bc ae f0 d7 56 8f 22 d3 b0 53 33 b8 9d 4f 58 1d 9d 4a 12 d6 9d 0f 3a 19 94 8c 56 90 df 58 72 b0 d8 02 77 8f d9 8d 11 99 b8 02 77 b1 5e 2f 3a 1b 42 61 f1 b6 ff 6f 46 d8 a2 3b 73 8b 17 21 f7 af e9 0f 3d ec dd 72 50 5a bc 31 19 48 85 02 44 55 bc 02 19 40 dd 16 43 28 5e 26 13 38 dd 6f 57 22 dd 6e 73 5c f4 6f a3 1e 5d 6e 73 b8 79 aa f3 b9 4d 8f 11 ee 87 3d 71 b8 b8 6f 13 36 b6 65 a6 da ce df 5d b8 2a 00 f7 4f 6c 64 81 bf bd a4 8a 97 6c 4b 1f e5 f6 6f b3 fc 21 b0 27 cc 58 02 13 98 e7 32 a1 75 00 dd 5b b8 0b 43 c5 e7 b9 4d 57 9c bd 6f eb 9f ea ef 7a 73 f0 6f 80 fe 46 3f 85 37 f9 88 13 5f b3 b5
                                                                                        Data Ascii: ~gj|{Gz}oR~Ncopt|@xxmxqlagxV"S3OXJ:VXrww^/:BaoF;s!=rPZ1HDU@C(^&8oW"ns\o]nsyM=qo6e]*OldlKo!'X2u[CMWozsoF?7_
                                                                                        2023-09-15 03:49:53 UTC2813INData Raw: 3e 6a 3e 49 c9 ad de 11 e7 2d 65 76 c8 bd 9e 12 56 ca d5 96 87 be 58 10 da 89 20 ec ba 42 6d a8 49 bf da 56 d6 a5 6c ec ba 4a 6d 63 08 bd b1 7d 28 bc 90 16 47 bf 9e 11 ce 8f 72 62 ec 63 1b 2c bb 82 6c 21 bb 6c 22 72 2a bf 10 1f 43 82 6c 20 bb ca 3f 06 69 bd 76 10 47 bf 14 01 67 6e 45 ec ba 4c 6d e2 bf 2c 6d 7c 28 bc f0 0b 47 42 6d e8 ba e2 77 ac ba 08 6d 0c a0 00 61 e8 ba 42 70 0b 07 bf da 11 67 aa 90 11 41 bf f0 04 47 bf b0 ea ba e2 78 ac b3 c0 7e 4e af bd 57 a5 07 0a 38 60 b9 2e 6f c4 f8 e1 79 7c 34 4d 02 d3 1e 51 90 7e 45 d0 8f c3 88 d1 bd 23 b8 93 bc a3 ba 8d 6f e2 d5 ed de 13 6c f2 6f 13 18 68 20 13 22 24 76 13 86 32 ad e6 85 70 a3 df d8 80 09 75 5e 83 1f 13 b8 bd 83 01 07 c9 6f 2c 8b bf 6f f8 07 3a af e2 15 9f d9 dd 02 48 6f 67 b8 bd 8c ac 4d 0b c3
                                                                                        Data Ascii: >j>I-evVX BmIVlJmc}(Grbc,l!l"r*Cl ?ivGgnELm,m|(GBmwmaBpgAGx~NW8`.oy|4MQ~E#oloh "$v2pu^o,o:HogM
                                                                                        2023-09-15 03:49:53 UTC2829INData Raw: b8 a1 0a 0d 21 0c bf 02 3a bf 7d e3 bf 7e 43 56 b8 30 d2 1f 75 2e 9f 33 4d bc d8 41 79 41 4f 61 4b 6d 7e 9d 58 d5 20 c4 b8 7d e4 33 fe 31 f4 09 94 bd bf 02 3c 2e 6f b3 9c 85 6f be f0 72 aa 70 41 e4 c9 13 2b f7 f9 2b 72 4e a2 34 b8 c0 7c 93 5a e5 a3 b2 32 ad be 02 0b 4c 9c 4d 18 d6 6a 13 43 bf 4a aa fd 33 e9 38 b8 fd b1 97 15 94 d9 f7 c6 bd 40 e6 d7 09 21 a1 f2 96 6f ef f9 ac 1e 62 6e aa 0b 93 b7 a5 ac c3 a9 19 50 e3 be ed 4d 22 2e 3d 93 56 18 41 1f 92 ed 41 6e 91 44 bd ec ef b8 39 93 13 f5 bd 9f ff 7f 3f 2a 7a f0 27 6f a8 07 08 4c a5 96 62 6f b3 f4 f0 fb 41 65 4d 6e 1d 4c ec 6f 7b 76 e4 97 bf 77 ac da 11 d6 4d 52 d7 0e 37 1f e8 32 99 2e ab 48 ea c5 d5 49 f8 f6 b0 b8 fd b9 cd d9 af 86 dd a9 b9 cf 8a 48 bf 28 89 e0 0d f1 1b 6b 8b 1a eb bb 0d 83 c3 a3 bf 8d
                                                                                        Data Ascii: !:}~CV0u.3MAyAOaKm~X }31<.oorpA++rN4|Z2LMjCJ38@!obnPM".=VAAnD9?*z'oLboAeMnLo{vwMR72.HIH(k
                                                                                        2023-09-15 03:49:53 UTC2845INData Raw: ec ca 32 6c 1f bd 44 3d 7b f9 c9 b1 13 1b 6f 12 bd f7 3e d0 eb e6 0d 13 f0 16 ae 5d 02 a2 ce fc b8 fc 29 ef a1 3c af 43 16 bd bd f8 32 fe e9 46 32 b4 6f 3d 8c 25 15 7f bb 3e e6 13 78 9a 24 53 37 b5 7f 3e b8 ad b3 ee cc 6d f5 c0 45 bd e0 30 17 fb c2 a7 d4 38 6f 5b bb d4 a8 72 4f ca 78 13 15 d5 e5 5e 3f 00 5f a4 b8 e4 95 20 65 ee d0 b8 7d bd 10 f2 99 fc e6 13 3e df 6f 7c 7a 74 1c 9e 05 c9 fd 13 69 72 ac 52 0b e3 de 2c b8 e8 c8 4b 4c 55 fc 21 1e bd 21 75 63 f5 cf 6a 67 c8 6f 8d bd b4 98 26 52 18 ed 13 75 64 aa 54 2e 94 8e 4e b8 92 1e 5d d6 f3 bb 2a b9 bd 91 79 4a f4 e9 83 85 12 6f d9 5e 42 d7 0a ef ac cb 13 96 6b 72 5a 12 c1 88 58 b8 36 8c a3 df b0 5b b9 7c bd 60 e1 db f5 c0 fc 40 c3 6f e1 5e 07 4a 91 e5 16 0d 13 79 40 ac 5e 11 60 68 1e b8 a0 26 4e 2f 5a 58
                                                                                        Data Ascii: 2lD={o>])<C2F2o=%>x$S7>mE08o[rOx^?_ e}>o|ztirR,KLU!!ucjgo&RudT.N]*yJo^BkrZX6[|`@o^Jy@^`h&N/ZX
                                                                                        2023-09-15 03:49:53 UTC2861INData Raw: d6 ef e9 14 39 92 ee 42 84 3d 7e 92 ad 95 d8 93 bb 30 40 92 ad ed ef 0a b9 bd 37 93 bb e6 ee 0a 39 90 17 9f ad 30 76 93 3c a4 e7 a6 30 a4 c3 cf b4 0d ab 19 79 be 8f cf b2 2f 8f db b2 b1 a0 f0 ff ea 54 d8 cf c5 2d 29 f9 7b 2d c6 b9 7c 77 d2 c8 e5 b0 d3 a0 7f 10 df a2 7c 77 de 3a f5 ab 19 79 bd f4 d2 ef 7c 6b 2b 78 b9 ae 07 88 2d a8 3e 16 79 b7 3e 7a 07 a7 19 48 61 65 83 70 b7 bb 0f 68 66 65 d3 70 b7 27 cb b2 bc 6f a7 f8 dd ac 87 3c 7d 66 d2 8b 2d af 12 da c1 ab e3 f8 ea 36 d5 13 7c 6e 1f dd bc 6e 81 73 e5 ba 42 77 e5 82 36 14 66 0f 19 dd f9 d3 73 b9 dc 6d df 54 af 02 2a 1c 18 3d ec b2 b9 be f4 b2 a9 0f 12 f5 dc 6d 37 58 bd 96 19 cf ea 90 19 e4 28 87 19 d4 59 65 6f 44 b7 e8 4b 47 b7 05 a7 50 b7 ab f7 b2 69 9f 19 59 ba 1f b9 29 55 30 c1 43 80 cf 7b bd 85 17
                                                                                        Data Ascii: 9B=~0@790v<0y/T-){-|w|w:y|k+x->y>zHaephfep'o<}f-6|nnsBw6fsmT*=m7X(YeoDKGPiY)U0C{
                                                                                        2023-09-15 03:49:53 UTC2871INData Raw: 97 38 46 82 bb 3c 5e 92 e9 41 eb 7c f8 f3 14 9c d7 30 1a ff 3c a8 ee 12 39 cc ee 1a 64 88 eb 7c 18 35 34 7b 34 98 fa 48 99 b9 19 5a 3e b6 ea b2 2c 3d 72 96 e9 bc 6f c3 0f 7d 7a da 94 7c 72 ab 78 b5 ae 19 1c 6d 43 3a 71 aa 1e 14 77 aa 9b df af bd 7d 7a 77 aa 77 5c 7b aa 6b d3 b9 64 78 12 e2 b0 a0 04 ec 7d 63 da af 8d bf 04 c0 f8 ab 04 dc 61 78 9e ab f4 a5 10 df 89 7d 5a 5e c8 bb d3 ae 7c 4b 0b e8 10 b0 66 7c 79 65 da cd 09 ab 22 38 7d 40 ae 7d c8 2f df aa 74 7e d1 50 75 65 7f 60 b7 b6 da 8c 4e 4b dc 8c 70 48 8b d8 b4 8e 19 d5 5c 7c bb d8 bc 0e 11 00 4d 75 f9 b2 9b ca ec b2 4d 87 19 b8 ec 8c 19 a8 5d 6f 7a c9 a6 4f 00 df a6 27 7f bc c8 7f 00 e2 8d 10 03 cc dd 66 76 a8 39 0b 03 2c ee 1f 03 51 b7 db 26 47 b7 a3 fb b2 61 fa f7 b2 51 1b 08 28 d5 74 37 ea c6 53
                                                                                        Data Ascii: 8F<^A|0<9d|54{4HZ>,=ro}z|rxmC:qw}zww\{kdx}cax}Z^|Kf|ye"8}@}/t~Pue`NKpH\|MuM]ozO'fv9,Q&GaQ(t7S
                                                                                        2023-09-15 03:49:53 UTC2887INData Raw: b3 03 4c 66 a4 0e 6f 2c fe d1 cd 7a b5 ad 30 5d 88 0d 6e 40 8f a3 6d 21 f6 a3 38 27 f1 d3 1b 76 f8 cf 1f 7c d4 dc 1b 23 82 f0 6f 76 cc d5 00 77 f8 8c 2f 13 ef 89 20 65 dd cf 09 7f 0c d2 18 35 b9 ec 8e 33 ca b5 09 e3 98 f9 00 63 13 97 37 52 fa 5f 6e 22 ba 8c 3e 02 80 bd 50 52 d4 cd 43 7b d9 de 4c 0c 93 1b 5f 06 cf dc ad 63 88 b3 5d 51 ff ef e4 17 89 a4 c1 67 89 92 3e 06 17 89 24 e2 b6 b5 f0 03 bd 29 6e 9c 6a a7 3d 76 cc cf 0a 53 d1 cb 0a 52 d4 d1 20 20 fd e7 37 41 b4 b8 51 17 98 b1 5f 36 b4 de 2b 6b d1 3c 6e 70 ca c9 0d 59 b8 fd fb 13 cc d4 02 76 38 9f 3b 0a d8 bd 6f 85 6a bd ef 15 fd cb 0a 13 d6 c9 6f 13 ef f4 21 5e fa f0 ed 11 f1 bc 0c 65 c9 bc 1d 17 ca f0 8f 18 b8 bd c5 13 db 9f 19 b2 a1 bd 6f 6b 28 bd 2c 7f 30 d2 01 76 aa ba 6f 13 9a 2d 6d cb ea d8 03
                                                                                        Data Ascii: Lfo,z0]n@m!8'v|#ovw/ e53c7R_n">PRC{L_c]Qg>$)nj=vSR 7AQ_6+k<npYv8;ojo!^eok(,0vo-m
                                                                                        2023-09-15 03:49:53 UTC2903INData Raw: bf ec a3 14 fb d2 02 d7 bf fc be 14 87 9d 4b 50 f9 c9 03 50 b0 e9 2f 8c 36 b6 69 1e 73 a1 2a 1f 6a a9 3a 4c f8 b8 6f 4c f5 f2 2b 46 f4 f8 58 15 88 39 67 d9 b7 ef 0a 74 f7 df 3f 79 dd de 1b c0 b7 f4 af 14 d1 bd 1c 67 ca dc 1d 51 d9 ce 6d 76 68 ba 3a 7d d3 d3 00 64 6e d3 28 f8 78 ee dd d0 53 fd af 12 79 56 d9 4f 78 bc ae f8 c4 7d 6e d2 53 1d af 12 d5 7c 84 ab 58 bd 8e 66 68 5d 6f f2 cd 51 bc f3 b8 5c 1a 1b 0b 5e 1a 3f 58 bd 8e 66 0e ed 8f 13 59 c8 17 f3 b8 5c 1a b3 58 bd 02 f2 cd 05 8f 13 59 c8 a3 f3 b8 5c 1a f7 6b 5d 6f f2 cd bd db f0 cd a1 8f 13 59 c8 d9 2b 58 bd 8e 66 e0 5d 6f f2 cd c5 8f 13 d5 5c 1a 87 58 bd 8e 66 08 5d 6f f2 cd 6d f4 f3 b8 5c 1a e3 58 bd 8e 66 a8 08 8c 66 0e 8d 8f 13 59 c8 3b f3 b8 5c 1a 6b 58 bd 02 f2 cd 29 8f 13 59 c8 c3 f3 b8 5c 1a
                                                                                        Data Ascii: KPP/6is*j:LoL+FX9gt?ygQmvh:}dn(xSyVOx}nS|Xfh]oQ\^?XfY\XY\k]oY+Xf]o\Xf]om\XffY;\kX)Y\
                                                                                        2023-09-15 03:49:53 UTC2919INData Raw: 47 49 ba bd b8 42 9d c2 1e 42 9d dc 1b bd 90 e1 76 1d 90 e2 74 20 6f ec 49 77 f5 ec 48 74 f8 13 47 58 d3 9a 47 79 f5 75 b8 42 ab 84 d9 42 84 ac 3e bd 90 fd 79 35 90 e6 5c 6b ae 53 d1 f2 90 d8 33 ec 99 04 dc a5 e1 23 d9 14 0e 5b ad bd 88 f0 65 df 77 10 d9 a4 8e 5f 5c 66 ba ec 66 6e cf df 47 01 c3 b2 58 14 11 71 a1 be 8e 13 d9 f6 b8 d8 7a 42 b3 c3 b8 77 90 cb 77 77 90 d7 0c bd ce ec 0e 1d 10 ec 52 60 cf de 47 40 97 e1 d8 bd 9e 70 b8 bd 98 e3 47 40 96 e0 47 40 6f e5 56 42 94 fc 59 42 95 13 54 66 90 fd 6c 08 90 e1 b8 65 d8 ec 4b 69 c2 ec 40 b9 8b d9 78 3f cd ec 76 29 37 d2 78 0f 5c ec 49 27 53 e5 af d9 77 2b d8 60 b7 68 a0 dc 78 f3 bc 42 85 d7 5e 5c 0d 0b 51 5f b1 71 a0 db 6f 10 58 f7 0e 58 66 69 a1 ec 67 65 6d c6 d8 93 ed ec 25 df 47 ec 38 0d 01 27 47 72 ec
                                                                                        Data Ascii: GIBBvt oIwHtGXGyuBB>y5\kS3#[ew_\ffnGXqzBwwwR`G@pG@G@oVBYBTfleKi@x?v)7x\I'Sw+`hxB^\Q_qoXXfigem%G8'Gr
                                                                                        2023-09-15 03:49:53 UTC2935INData Raw: f5 82 7f ea 8d ad 78 12 4b 81 50 03 87 ad 50 03 87 ad 32 24 a8 e7 3f 26 87 ad 94 1e 3e 89 6d 11 4f cb 51 ec f3 08 6d 9d 28 88 d0 03 07 ad d0 03 b9 0c 7f 79 0e bd 0c 13 d7 bd 0b 13 dd bd eb 70 b8 bc 6f 12 b8 42 90 11 f8 fc 6f 13 70 bd a7 93 bb bf 27 b1 ac bd 3e 11 a4 fc 6f b7 dc bd 4f 07 b8 f3 6f af cf bd 73 56 b8 db 64 13 bc bc 19 67 b8 87 67 13 28 bc 4f 13 b9 f0 6f 40 b8 8f 3c 13 32 d5 6f 3d d4 bd 6d 33 b8 f9 6f 19 be da 6a bb bb 77 3f 2b b8 81 6f 33 8a bd 61 13 ba bd 75 ec 47 3d ef 13 fb bd 0e 13 d6 bd 28 10 b9 8e 64 13 38 ed 67 13 9b bd 6d 81 b8 96 f1 17 b8 bd 02 13 b2 ce 6d 7e d4 bd 68 4c b8 cd 6f 39 ca bd d2 74 b8 b8 0a 13 b7 ce 6f 55 8b bd 3c 1e b8 bf 3f 19 b8 86 fa 9f b8 ae 6f 74 b9 bd ed 13 e8 bd 52 39 dd bd 00 60 b8 b8 4f 13 7f dc 6f 49 d1 3d 47
                                                                                        Data Ascii: xKPP2$?&>mOQm(ypoBop'>oOosVdgg(Oo@<2o=m3ojw?+o3auG=(d8gmm~hLo9toU<?otR9`OoI=G
                                                                                        2023-09-15 03:49:53 UTC2951INData Raw: 8b 5b 9d ea c8 85 7b 19 3d c5 53 6d 57 5b a2 57 ba fc c8 c0 0b 64 83 de e3 0b 2b b0 e9 af f6 97 2d 99 10 b3 10 64 9a 79 64 9a 51 ae e5 92 f8 de 6a 54 9b 60 5f 73 62 1e e6 46 80 ec 4f 62 e3 9f 34 09 db a7 3c 7e 0e 25 33 78 8a e2 de da 08 a2 6a e1 f7 30 8d a7 e2 05 b2 c4 45 86 9e ad 67 c5 25 af 9c e0 cb d1 79 88 fc 9b dc ca 54 ff ce 43 96 2a ea 51 d9 0c 37 67 82 a0 13 ad b8 3f 4f 3d 2f 86 55 29 12 eb c4 a2 42 61 86 67 3e f3 c8 80 f0 19 ba 86 ad 18 25 96 b5 b9 04 95 7b 5c 29 55 fe d9 5d 3a 2d f7 ac 9f 4f d6 41 04 2b 74 bb f8 4d b5 ed df 74 71 a7 f6 ca 51 53 fe 6a 5f 4d 80 7d 6f 84 e6 29 f5 eb 5b 98 ed 06 a7 3d 44 16 8a e4 e3 a7 f4 21 91 09 3f ae 72 8a 61 95 90 42 ca d4 ab e8 d0 65 9c ee e8 f5 cb d2 2c 42 1e c0 22 21 91 67 91 f2 18 7d 1d 3f 76 8a a1 cc 87 6c
                                                                                        Data Ascii: [{=SmW[Wd+-dydQjT`_sbFOb4<~%3xj0Eg%yTC*Q7g?O=/U)Bag>%{\)U]:-OA+tMtqQSj_M}o)[=D!?raBe,B"!g}?vl
                                                                                        2023-09-15 03:49:53 UTC2967INData Raw: 2f c7 d5 09 61 27 cd 2c 9d 32 3e c4 5f 34 50 be 69 19 c9 c3 67 50 6c 69 56 00 c9 cb 4a 34 ed f9 86 03 cb a8 37 12 78 e5 56 df ee 76 b7 46 0a d4 97 06 3b 5d aa 46 37 a6 7d ab ee eb 1d 19 d7 eb 6a 27 b4 ea 7a 4e 13 7b 85 f4 69 a9 7b 58 dd ef 68 de 1a f3 ca 2b da 0e 78 15 09 52 77 b9 3d 81 65 ce e8 38 8a 26 b8 17 cf 6c 33 e6 bb 2f 7a 5f 42 e6 7e ca c6 66 4a 08 77 e2 7a 7c 1f 26 24 2b 6c 83 d3 0b 72 88 8a 4f b2 87 df a8 01 b7 59 2c a7 06 d2 eb f6 5b 27 eb 00 22 e8 2b 2b cd 1b 72 90 5b 5b df 75 23 da af 70 86 88 6a a1 63 de 9f 50 44 14 43 77 f1 e6 99 c2 86 d3 9e 66 66 64 28 ac c7 42 14 87 f7 bb e2 70 9e 5a f1 93 17 2b f2 91 af cf c9 b9 c2 1a 13 95 e7 d3 60 f7 5c c3 0a 7f f6 db d4 f2 06 38 ee 11 8b 8a f3 9d 7b 35 c9 73 03 cc e0 f6 ee 9b 14 f6 ec 24 02 f9 a4 e6
                                                                                        Data Ascii: /a',2>_4PigPliVJ47xVvF;]F7}j'zN{i{Xh+xRw=e8&l3/z_B~fJwz|&$+lrOY,['"++r[[u#pjcPDCwffd(BpZ+`\8{5s$
                                                                                        2023-09-15 03:49:53 UTC2983INData Raw: 0a 74 c3 03 e3 a1 ff f0 70 6c b4 2c 30 5c 37 09 57 6b 1b a2 b7 76 1f f7 86 21 bd 11 f7 ce dc da fb 20 a3 c8 de 71 3d ae f5 1f f9 7a 37 06 39 ea 01 46 57 00 54 37 50 e9 77 52 d5 eb 77 76 33 15 0b db 79 f6 54 2e 30 ec 95 6b da 8b 55 21 e4 28 f1 59 d9 e4 24 ce e7 7a 96 5b 3b ea ed 2c 52 aa 35 4a 3a e9 3d 16 fa f8 45 74 33 14 8d c9 b1 04 2c a5 37 ea 95 41 d3 d8 a7 d1 ae e7 f0 22 09 9e 15 27 cb e8 30 2e 30 89 6b 43 d9 68 b5 27 3b a1 15 39 d4 3f da 63 fb a7 8d c4 d8 13 70 3a 39 ec 55 62 50 ae 55 ad 7b ee 76 6b db fb 66 73 cf 62 38 f2 52 ef 20 fe 9a e9 3d 22 e8 39 fc 06 96 27 fc 73 0b ed 71 3e c8 eb 20 3a 52 a6 b1 af 8e 23 6d e1 9e 37 54 14 df d8 b2 63 3f ea b4 26 1d ae 88 26 d4 5d 30 66 ff 6e b5 29 5f 61 b7 61 fb 7f fe 77 1b 80 74 26 d3 62 25 06 a3 6b 99 77 b1
                                                                                        Data Ascii: tpl,0\7Wkv! q=z79FWT7PwRwv3yT.0kU!(Y$z[;,R5J:=Et3,7A"'0.0kCh';9?cp:9UbPU{vkfsb8R ="9'sq> :R#m7Tc?&&]0fn)_aawt&b%kw
                                                                                        2023-09-15 03:49:53 UTC2999INData Raw: 1f 37 8b bc 20 2e 33 5b 01 96 9a af 51 56 58 eb b1 36 5a 2c 7d 22 db eb e1 a7 1e ca 39 6e 8a bb 00 fe 4b ea 77 16 7a eb 45 29 5e af 85 d9 d9 14 35 2e cb 68 8c 2e a7 fa 75 4e 61 e0 75 26 33 af a9 27 6b e8 39 02 cf 68 b1 22 50 eb 19 02 c7 6a 88 26 5b eb 75 26 a6 e3 f4 db 89 ad 75 86 db 95 60 4e 60 aa 77 39 9a e9 7d 4a ff cb f1 24 e8 2b f0 ef db 95 7c ae 9f ef 5d 66 e0 e3 b4 5a 2c 9b 25 cb a5 af ff e6 9f cf 5d ac 57 d5 24 6d 9b ba e1 16 db eb 75 ae 3b bb 4f ee 9b e8 75 16 af fa 34 ac 0b 61 31 a6 d7 c3 fd 72 d7 c3 4d 47 d2 eb 9a ae 57 dc a7 6a db eb e5 61 e0 16 fd b6 d8 97 b1 57 d2 cb f0 ef d4 65 da a6 d8 66 e3 92 eb 72 25 26 5d ea 7a 86 d5 cf f4 2a de 8b 25 16 fa e4 46 d9 e8 22 c8 64 fb ab 77 a3 1b 95 37 e4 8d 2b 75 ac df e1 4e e1 a5 e9 fe a6 23 d0 b0 5b d9
                                                                                        Data Ascii: 7 .3[QVX6Z,}"9nKwzE)^5.h.uNau&3'k9h"Pj&[u&u`N`w9}J$+|]fZ,%]W$mu;Ou4a1rMGWjaWefr%&]z*%F"dw7+uN#[
                                                                                        2023-09-15 03:49:53 UTC3015INData Raw: 29 df a2 e9 29 2e f3 c0 8c ad db 3a fe d1 50 16 b4 cf d9 eb 86 83 50 21 f6 c7 d8 a8 21 d5 7f eb c6 36 db 82 61 26 5b 87 65 b8 27 9f 55 26 22 cb f8 32 db 6c fe 22 5c 6e b5 52 c9 eb f8 2a 45 68 b7 22 52 ea 77 65 db 9a fe 24 5e 2b 00 d7 7a 6b 7a 0e 1c ef eb a6 b7 eb 75 36 eb e2 22 ce 88 eb 4b 26 e6 60 39 26 ff f7 fe e5 86 b0 fc 17 d6 e8 e2 b6 d1 eb f5 3c cf 68 99 3e 5b b8 20 70 e8 1d fc 16 5a ca 55 a3 1b bc 00 28 db f1 45 79 db b5 28 af da b0 f6 e2 c3 6b b6 ad d3 6e bc af 97 eb e5 ae cb 60 21 a5 d0 e1 46 e6 58 e7 75 27 e8 14 f0 e6 d4 6f d3 a6 de eb 75 ad 1a 60 25 27 5e c9 32 a7 63 68 8a 27 5b 22 55 29 9f 67 f9 a7 d7 bf 51 6a db e1 7c 66 58 14 77 29 57 90 74 2e 9f f3 51 66 1c 6a 21 a7 df af fe 3e 8a 6b 77 12 52 b7 f5 75 f3 6b 71 1e 9b 60 75 a5 23 12 fc 26 97
                                                                                        Data Ascii: )).:PP!!6a&[e'U&"2l"\nR*Eh"Rwe$^+zkzu6"K&`9&<h>[ pZU(Ey(kn`!FXu'ou`%'^2ch'["U)gQj|fXw)Wt.Qfj!>kwRukq`u#&
                                                                                        2023-09-15 03:49:53 UTC3031INData Raw: 61 26 a7 ff 60 2c d1 c9 95 67 9f d9 06 d6 33 55 59 57 79 8f 20 ce 6e 69 75 76 4d 78 44 73 57 03 d7 f6 ca a9 29 73 33 72 cf 27 9a 17 ff 32 88 be 23 71 3b ee 59 86 e8 30 22 15 36 8b 14 3a eb eb 7f 02 1b 9a 61 36 93 14 9d 8d 0e 3e 14 2c df 8b 72 0b bb a4 5d e6 59 3e 5d e6 c9 b8 23 ce 66 f9 37 20 aa ee 4d a5 1f ff e5 87 59 e7 d4 26 8c 03 3d 73 e3 ea 85 59 9c 15 e4 21 13 eb f6 ce d9 d0 ba 50 d4 8d 15 a5 e3 c4 01 2f 4b 80 95 26 0c ab 02 d7 56 9b 77 a3 4a b1 13 aa 1c ed 85 5f db a7 01 2e bd da 03 2e bd 62 7e 36 95 c3 fe f8 89 92 34 27 33 fc c5 0d 8b ef 94 4c ab e3 71 76 e0 1c 02 87 5b 97 59 36 ff 81 95 09 8d 03 a1 61 88 8f d5 33 8b ea 2d 3e af c1 a7 22 1b ea 23 c6 db f7 6d ce 15 dc 54 3a 0b ba 59 76 33 6d b7 96 db 6b 77 ab 5f ec 74 b6 ed 6f 9e 34 6b ed 5d 77 33
                                                                                        Data Ascii: a&`,g3UYWy niuvMxDsW)s3r'2#q;Y0"6:a6>,r]Y>]#f7 MY&=sY!P/K&VwJ_..b~64'3Lqv[Y6a3->"#mT:Yv3mkw_to4k]w3
                                                                                        2023-09-15 03:49:53 UTC3047INData Raw: 51 32 a5 85 75 39 9b e9 ca 77 a0 60 61 a7 58 22 8a 26 e8 2b 87 88 2c 3a 5e df d3 60 82 99 7a e8 fe ff 50 04 74 76 da 19 db ad 10 a4 b4 cf db e9 86 83 50 20 f6 c7 d8 db 86 82 50 11 27 27 48 e9 fe f7 ef 60 88 65 d9 21 31 24 4b ee fe ec 9e 6b 77 66 4b e9 39 02 87 7a 73 1d 5b 2a 09 b2 50 3a ca a2 7b e3 ec 4c dd 60 ac a4 dd a7 73 ad 19 3b 76 67 ba e8 86 82 e0 7f 51 b6 81 eb 89 5b b4 74 7f b9 d1 74 7f b9 d1 74 7f b2 d1 cd f9 a4 dd 2f 7f b7 b3 ba 70 4c d7 a7 9d 64 2b 6f 25 79 7a 2f d7 31 af 21 27 06 d8 b3 05 26 91 4a f4 87 fb d8 3d 67 b3 47 e5 27 b3 9b f5 2b 33 7b 03 e0 24 14 65 39 74 cf 6b 39 0a ba 69 76 30 5b 85 22 49 29 74 bc f5 cb 31 02 e3 60 60 47 ff 60 48 75 fa ce 15 5d 1e 9f c4 09 ff cb 7a 0e db e0 b4 53 c3 60 ba 2d 11 88 94 a1 aa c5 01 2c 1c 1b 77 a7 c7
                                                                                        Data Ascii: Q2u9w`aX"&+,:^`zPtvP P''H`e!1$KkwfK9zs[*P:{L`s;vgQ[ttt/pLd+o%yz/1!'&J=gG'+3{$e9tk9iv0["I)t1``G`Hu]zS`-,w
                                                                                        2023-09-15 03:49:53 UTC3063INData Raw: 00 02 50 e6 64 25 8a 83 1d 36 c6 4b 2d ee db f1 44 5a c9 e2 71 4b 5a 2f 44 23 18 81 77 4c db 14 1d 26 db 15 8a 76 33 4f 13 1d 0f 48 00 30 ce 99 66 06 da cf 56 e4 68 cf 00 15 29 9d 26 75 4b b8 25 ce e0 4e 77 52 c5 3e 0e 3a a5 94 a4 5d da ec a1 5d 32 62 6b ad 6a 8a 74 bb cf 8b 45 76 33 bd 17 31 6a 9b eb 29 5e 42 e4 01 5f e8 30 a6 d8 dd d4 87 9a 89 73 27 08 e8 07 79 ae a1 1d 4e 37 f7 d5 2d d6 4b 7e 15 5f 53 d8 c7 db 15 85 4a 38 eb fd c7 db 04 93 26 11 83 94 26 3b 39 1b 06 63 6b db 5f d5 7f 1d 16 1a ea b6 90 d9 13 6e c6 db 41 c1 c0 db 2b 94 26 7e 49 76 3e 76 e8 d4 e3 cb ed 4f d9 24 ab 6b 3e e3 e6 d4 36 a7 cf 9d 58 26 8a 76 2a 1a d4 9c 13 d6 30 4c 86 d9 bf c5 4b 79 e8 c7 24 f9 b9 d5 25 fb 03 27 93 d9 9e a1 33 eb cf 6d f6 a9 ff 46 24 88 bb 24 7e 89 03 91 46 d8
                                                                                        Data Ascii: Pd%6K-DZqKZ/D#wL&v3OH0fVh)&uK%NwR>:]]2bkjtEv31j)^B_0s'yN7-K~_SJ8&&;9ck_nA+&~Iv>vO$k>6X&v*0LKy$%'3mF$$~F
                                                                                        2023-09-15 03:49:53 UTC3079INData Raw: 05 36 a3 0b f6 6b df 8d 4c 7b db c9 01 3c 50 ae 35 ad 96 69 31 56 c8 e7 25 ce fb e6 27 0a 5f 62 28 56 4e b6 57 1f c6 5a 4b 0e d4 6f a0 27 bc f6 74 66 af aa 55 4e f3 91 36 26 5a f5 b6 e0 38 9a 18 c5 8f fb 25 87 9a c3 c6 27 8b fc 23 81 6a ea 32 06 cf a9 55 d1 69 d5 65 bd 7a f4 a4 38 f0 28 76 a4 d8 bc 23 66 d8 67 37 d7 1b 6e 37 25 8b 83 75 34 d8 89 b0 34 d8 f7 9e 62 fb c9 8a 24 c9 42 8d 24 37 ca 84 24 4e 1f 77 32 48 b9 b1 4e 07 bb 74 74 33 94 27 27 c8 ac 31 af c6 6a 33 76 33 4e 06 28 e2 2f 68 76 eb f8 7a a2 56 7a 32 50 d2 d9 78 57 dd 60 60 a5 dd cb 55 8f 2b f3 8a d9 8b 79 37 54 d2 bb 9d 0b c0 90 7c db d9 92 82 24 aa e2 25 ce 26 f1 64 53 d2 e6 27 27 aa e2 24 ce 3c ac 27 27 8b b6 44 27 52 f6 0d a6 d2 b9 39 ce d7 68 7c 86 fd d8 b5 54 fd b8 71 73 8d 9b 39 36 8c
                                                                                        Data Ascii: 6kL{<P5i1V%'_b(VNWZKo'tfUN6&Z8%'#j2Uiez8(v#fg7n7%u44b$B$7$Nw2HNtt3''1j3v3N(/hvzVz2PxW``U+y7T|$%&dS''$<''D'R9h|Tqs96
                                                                                        2023-09-15 03:49:53 UTC3095INData Raw: 4e e5 af d5 1f 0a 2b df a2 27 0b eb 4e e5 82 9f 45 66 50 e9 bd 36 1f e5 f5 1f e0 9e 71 2e 53 f2 9e 94 d8 19 1f 2c 88 f3 25 ce 25 3b 62 34 f7 e9 01 3b d8 6b 43 d7 90 ea 01 35 56 ae 89 2e 8b 03 ed b6 de 6b 08 da dd ab 2c 3d 1b 68 b5 25 ab c0 46 26 1b 81 75 1f 9f cf 7d 4e d9 eb 15 36 d4 7f b5 76 24 fe 67 3e 99 fb d6 c6 bb ce 01 10 33 cd e6 36 d8 ab 71 85 3f 0b 75 53 d6 ff 1d de 0b a0 9d 56 16 eb 2c cd 5a fb 24 24 ae f3 9d 78 d0 fb 3d 06 1b 9e 7a d9 ee fa 76 d9 ce a5 61 c6 d8 3b 69 67 c6 83 35 56 d4 81 3e 06 fc 78 74 1e f9 a9 d6 fe 4a ef 74 64 18 6b e6 22 58 ce a5 e6 db eb 7d a5 fe 3f 14 26 b1 ea d6 ea ca 9b 75 af d6 37 25 26 1c ee b1 65 8b eb 35 2f db b3 b6 87 3a ea f8 2e d7 6b d4 87 d8 66 79 ae e0 e3 b4 55 cf db e2 22 f0 bb 79 22 5a 11 95 6d db 99 72 a5 1b
                                                                                        Data Ascii: N+'NEfP6q.S,%%;b4;kC5V.k,=h%F&u}N6v$g>36q?uSV,Z$$x=zva;ig5V>xtJtdk"X}?&u7%&e5/:.kfyU"y"Zmr
                                                                                        2023-09-15 03:49:53 UTC3111INData Raw: d4 41 df df 25 4c f4 d9 74 ba 9f e9 2d 3a 8b 81 35 66 db ea fe 22 da d3 5d 76 b1 af 77 27 a1 ef 74 1a 8b ff 1f 63 d9 ea 1c 41 df ab 25 4c d1 ad 47 27 8e af 77 62 8b 81 32 a3 d9 ea 31 22 da a3 25 4c 93 e9 74 64 e8 ef 74 6a 8b 81 3c 24 da c9 d4 41 df bb 25 4c 91 d9 74 28 9f e9 e5 72 8b 81 3e 24 da 16 42 25 da bb 2d 76 b1 a7 77 27 37 ef 74 7a b3 bb 1f 6b d9 ea ae 26 da 8f 71 46 f3 bb 1f 68 e9 ea b2 62 d9 8f 25 32 b1 a4 77 27 6d ef 74 4e 8b 81 7f 1e d9 ea d0 22 da 87 25 4c e2 6e 77 27 4f 8c 71 56 8b 81 4f 14 da a9 f5 62 d9 9f 25 4c e0 e9 74 49 7a ef 74 5e 8b 81 49 24 da b5 71 27 8b 97 25 4c e6 e9 74 6b bd ef f3 77 5a 8e 25 4c e5 89 74 10 a8 e9 f3 97 da d6 25 4c e4 18 7a 12 da 63 47 27 8d ab 86 29 ef ea f9 14 da aa 47 27 21 05 43 00 de 0b 37 46 da a9 86 39 bb
                                                                                        Data Ascii: A%Lt-:5f"]vw'tcA%LG'wb21"%Ltdtj<$A%Lt(r>$B%-vw'7tzk&qFhb%2w'mtN"%Lnw'OqVOb%LtIzt^I$q'%LtkwZ%Lt%LzcG')G'!C7F9
                                                                                        2023-09-15 03:49:53 UTC3127INData Raw: a8 10 d4 ed 71 20 d4 6f df 96 cd 6b fe e0 30 bc f8 69 25 5a 6d 72 96 fb c6 3e 9f 9f 69 52 ab f7 11 23 a9 f7 7a 16 c8 81 7d cd be 62 21 73 3b 2a 79 23 fa e3 83 06 d8 e4 f1 aa 29 09 6f 1f d4 64 9c 24 a9 ee c4 31 d5 fa 57 2f b1 e2 2d 69 d7 02 cd 76 7e ea 76 62 30 2a f6 06 a6 cb 75 52 f1 7b 70 ab 94 ed 8a e6 de 2b 73 52 cf a3 3d 29 df 6e c1 77 8b a6 9d d9 b1 ec 2d 7e 32 62 95 24 aa eb f4 57 db e1 75 69 83 68 8d 2c d4 6f e0 2f db e9 9c 49 3a 42 08 36 32 63 44 e6 db 2c 30 c6 3b e3 d5 7e 58 d6 64 e7 d5 ea 0b 29 eb e6 1f 22 8b a3 9d d7 ee 5a 7b cd d4 62 7b a5 df 0b 71 87 cf e4 cb ed 56 ef 75 90 56 9f 34 f6 5a 15 25 36 cf eb 75 59 f9 e7 cb 98 8a 3a c5 26 52 9e 91 bb df 4c ea 22 4f ef f4 54 d8 3b 3a cd d9 60 8c a6 98 eb f6 5b 2b eb fc 1e d4 6f 77 ff fa c5 6d 7e e2
                                                                                        Data Ascii: q ok0i%Zmr>iR#z}b!s;*y#)od$1W/-iv~vb0*uR{p+sR=)nw-~2b$Wuih,o/I:B62cD,0;~Xd)"Z{b{qVuV4Z%6uY:&RL"OT;:`[+owm~
                                                                                        2023-09-15 03:49:53 UTC3143INData Raw: 75 be bb eb 29 46 db f7 11 24 69 e7 95 26 03 37 95 34 bb eb 35 46 db 59 75 46 db 5f ae 46 fa 8b 75 6e bb eb f3 22 bb eb 17 3c 01 a8 75 9e bb eb 5f 4e bb eb 59 46 db fb 15 26 13 32 5e 46 e8 8b 75 62 bb eb 71 46 db 3f ad 73 bc fb b9 46 da 43 91 27 83 0f 75 32 9a 0b 75 f6 0c a8 75 ae bb eb 39 ed bb eb 14 24 e3 0b 75 ca 0d 0b 40 46 db c1 f9 46 db d7 15 26 df 8b 75 e2 0e a0 95 22 bb eb 4d 46 db 1f a1 45 de 43 e0 c6 db 83 15 26 ff 8b 75 fe 08 0b 70 8d bb eb 94 24 5b 0b 75 6a bb eb 71 46 db c7 b1 f4 bb dd 15 26 ff 8b 75 fe 0a bc 15 30 bb eb 14 22 b7 0b 75 16 bf ea 99 f0 0b 8b 69 46 db 9b 15 26 9b 8b 75 44 96 b2 95 26 33 24 15 30 bb eb 29 46 db e7 dc 46 db 33 bb 45 d8 23 95 26 a3 8b 75 ec 87 8b 75 16 bb eb 95 eb bb bc 15 26 69 a3 15 26 27 27 15 74 bb eb f5 46 db
                                                                                        Data Ascii: u)F$i&745FYuF_Fun"<u_NYF&2^FubqF?sFC'u2uu9$u@FF&u"MFEC&up$[ujqF&u0"uiF&uD&3$0)FF3E#&uu&i&''tF
                                                                                        2023-09-15 03:49:53 UTC3159INData Raw: 5c 47 9a ff 43 06 91 9e 55 7e 1b e0 47 a5 3b ec 74 3e 8e b8 34 06 ae cb 4b 25 da d4 17 33 fb ae 0d 45 be 9b 64 44 dc bf 26 73 de 62 20 08 88 21 5b 06 d8 9b d5 0b db e2 54 e2 fb 38 6e e3 75 ea 68 49 98 42 54 e0 a8 cb 13 ee a9 84 18 64 ab 88 1a 86 e2 aa 2b 8d 9d 4e 94 3b d2 eb 73 0a 7e 45 17 66 71 ea 37 b2 ae 99 55 4d b5 84 02 d3 db 26 12 c6 fe 88 15 1b bb 6a 36 93 5a 59 00 22 7d 8f 94 21 ab 4b 08 46 cb 08 5a 44 20 8b 59 a6 3c 86 55 9d 1a 66 94 a6 7b da f5 03 d8 cb eb 06 91 cb 02 54 b2 9f 01 25 9b 87 75 20 9e 9e 07 49 ab 8e 7d 26 d2 bf 75 21 be 85 16 54 65 92 b6 3a 19 2d 90 11 3b 60 55 96 b6 4a 41 89 db 3f b2 1f 7a de 95 3a b2 cb 43 63 9c ec ca 45 03 eb 37 47 d5 2b fb 65 13 2b 80 1d 3b ad 74 66 42 9f 01 56 e1 c4 5a 51 cb 9c 02 08 b2 6a 4c 5c b2 9b af 08 6b
                                                                                        Data Ascii: \GCU~G;t>4K%3EdD&sb ![T8nuhIBTd+N;s~Efq7UM&j6ZY"}!KFZD Y<Uf{T%u I}&u!Te:-;`UJA?z:CcE7G+e+;tfBVZQjL\k
                                                                                        2023-09-15 03:49:53 UTC3175INData Raw: 64 47 db ca 74 2d d2 be 74 2b 9f f6 75 15 bc eb 76 23 80 ea 10 76 db c4 30 24 de b8 77 65 b5 eb 11 2e f4 b9 20 26 de 87 75 83 b2 eb 62 41 db e4 25 71 db ca 74 11 5a b0 34 a6 d3 99 f5 29 be bf 75 4b 5b ea 1b a4 fd 9c f7 78 b8 9e f5 24 fb 6b 6e 4f 5b e7 f4 77 58 ee 14 da db 89 f5 24 5a ef f6 39 5e de f4 0e 5a de 8e a7 ea 6a 18 54 5b 8b f4 24 58 9c f4 36 5a ae ce a7 ca 6a 65 06 5b c9 f4 38 5a ec 13 a2 d0 ea f6 53 f5 db 7e 20 d2 8b f3 26 93 ea f3 db b7 e8 60 16 db f9 73 25 8e f6 66 27 da cb 8a 22 d3 db 73 26 d8 e9 74 2e db db 0c 23 18 ea 74 22 b6 fb 45 4d eb cf f0 21 eb ea f3 64 c3 ef 9f 49 b8 98 05 ac 31 db 57 65 5d f9 77 a0 ec 6f 67 45 ba be f4 21 a8 60 0a 62 db e8 36 26 d8 aa 75 55 a8 9e 07 43 bf a2 31 26 89 84 1a 52 98 aa 5b 45 fb 99 01 16 5a 6a b4 05 c4
                                                                                        Data Ascii: dGt-t+uv#v0$we. &ubA%qtZ4)uK[x$knO[wX$Z9^ZjT[$X6Zje[8ZS~ &`s%f'"s&t.#t"EM!dI1We]wogE!`b6&uUC1&R[EZj
                                                                                        2023-09-15 03:49:53 UTC3191INData Raw: 37 24 17 af 77 0c e7 d9 74 66 e9 ea bd 54 d9 fb 9d 8c f3 d9 74 1a e9 ea b1 62 dc ff 47 27 71 bf 47 27 1b 9f 77 26 e9 ea 19 14 da 61 c9 d2 df 07 d5 63 52 6e 01 14 da 41 cd 52 dc 33 47 27 87 d9 74 92 2f ef df e2 e9 ea 05 14 da 5b 01 24 6b d9 74 8c e3 d9 74 8a 2f ef e9 14 da df 47 27 71 43 01 21 53 d9 74 4e e9 ea d1 52 d9 e1 01 14 da 8f 45 27 61 76 6b 4d f1 88 61 23 85 b9 74 46 8a ea bd 4f 8f a6 80 92 d9 a3 27 27 83 ba 74 2d b3 f7 11 54 6f e9 47 74 da 6b 1f d9 7b 51 f3 67 a6 31 c1 24 c7 b9 74 20 8b 5a 73 46 d9 be 7d ad 99 e3 79 af 5a 3a d5 c3 db fb fc a7 3f da 90 26 7b 62 e4 37 ee a9 38 ba 52 ed fd 74 ee db 77 63 43 62 f7 ca fa de 77 b2 52 7a 85 13 d9 7b fc a2 53 1f 40 24 57 62 f7 da ee e9 45 ae 52 7a 71 96 90 d9 77 a2 52 e7 fd 2e 6a eb 44 24 5b 62 f7 2a 50
                                                                                        Data Ascii: 7$wtfTtbG'qG'w&acRnAR3G't/[$ktt/G'qC!StNRE'avkMa#tFO''t-ToGtk{Qg1$t ZsF}yZ:?&{b78RtwcCbwRz{S@$WbERzqwR.jD$[b*P
                                                                                        2023-09-15 03:49:53 UTC3207INData Raw: 6d ea d9 4a 15 e6 d9 cb b9 24 fa 8c b5 24 35 c3 b9 24 da a6 b5 24 eb 27 77 87 93 2b 77 c8 e3 27 77 47 8d 2b 77 4e 17 e9 f4 65 1b e9 9b 56 17 e9 b4 64 1b e9 0d ea d9 0a 34 e6 d9 04 34 e4 12 e9 d4 7c 1b e9 c5 ea d9 0a 36 e6 d9 69 cd e6 d9 51 56 2b d7 f3 df 75 57 2e 99 26 9a 4e 4e af 5a 2b f4 22 cb 34 9d df 78 63 71 16 33 4b f0 ad df 23 f4 22 55 b6 58 71 51 ef 7f 5d 50 ef a5 a7 df 71 f8 1f f8 ba fd 22 e3 03 23 ad df 33 f4 22 cb 43 d6 85 dc 61 26 17 50 ef 95 a7 df bb bb 17 b9 76 ff 22 d7 60 71 d6 cc 67 6b 27 5c 6b 6b 8e ba ec 81 d4 04 39 aa 4c dc 3b 9e 4c dc 13 19 21 59 89 f6 e6 f0 eb 9c 9c 96 42 c1 e2 b1 ec 7f b2 b0 ec 65 a7 df 11 20 e7 c7 fe df 0c b4 60 71 16 5a ef ef f8 94 c1 10 0c d2 a1 fe 22 e3 6a 71 75 ff bf d9 ff 91 e9 50 6d d9 ab 34 24 6c 43 43 c3 09
                                                                                        Data Ascii: mJ$$5$$'w+w'wG+wNeVd44|6iQV+uW.&NNZ+"4xcq3K#"UXqQ]Pq"#3"Ca&Pv"`qgk'\kk9L;L!YBe `qZ"jquPm4$lCC
                                                                                        2023-09-15 03:49:53 UTC3223INData Raw: 9d bb dd ce 24 c6 d9 da 20 04 9d eb 76 af 9e 03 96 71 2f b9 7d ce 8f f8 c6 2e 96 1b f6 e7 ba db b1 d2 33 02 6f c7 d3 7b 7c ce 77 03 19 87 db a9 23 32 fd f9 59 f4 d2 89 79 df 9a 6a 99 b6 69 83 56 3a cb f6 c7 29 4a cb 6c 86 f2 a8 6d fe 58 29 23 24 9b 3a d2 19 2b c2 6e 3a ea c3 99 31 28 f1 27 2f 0b f2 30 f5 cb cf 8a f7 aa 2e 6f ca 33 35 a5 43 7f fc e5 97 8e a9 91 07 d9 bb 9d da d2 18 f7 73 6a 3b 39 c2 33 b2 c5 32 09 f0 01 67 d3 fd 79 66 dd ba 74 2a 2b fd fe 73 3f b4 65 1f 2a f9 d4 5a 9b f9 87 3a 13 69 69 2c 9b 9b 92 3c 56 ae bd a5 c7 d0 8e 4f ed 68 69 e2 f9 c3 24 52 bb eb 57 1b 25 e0 53 de ce ea b3 10 3b 53 64 77 5e 2b 7d 29 5f 0e 67 48 0f e8 38 fa fa 19 22 ce 89 03 85 74 85 ef fc 26 9e 3b f6 5b 0b eb 00 23 d7 02 b7 24 cf 3b 6e fa 56 bf 74 00 da 5b 0f e4 d8
                                                                                        Data Ascii: $ vq/}.3o{|w#2YyjiV:)JlmX)#$:+n:1('/0.o35Csj;932gyft*+s?e*Z:ii,<VOhi$RW%S;Sdw^+})_gH8"t&;[#$;nVt[
                                                                                        2023-09-15 03:49:53 UTC3239INData Raw: 3d 25 da 39 17 70 b9 b9 c6 53 a8 8b 6b c9 dc 9e e7 be 7e 9d 45 3d 57 f9 00 d7 9a 68 c7 53 ef 4f 05 26 e2 a3 90 3c 24 ec 87 21 b3 54 a5 20 18 e9 81 21 db 91 e1 5e c9 82 bd 72 dd 14 52 9a e8 e1 62 57 8b f1 f6 4d bd e1 24 4c bd e1 8a 23 d7 89 7f 27 d7 8a 7f e5 69 ee ce 25 a6 2b 7f dc 83 2b 7f 4e 24 6d 4f 48 78 99 85 4e 2f e1 a8 64 b1 db f3 2e d9 fb f0 53 a3 0a 59 86 f0 15 21 02 cd cb 73 36 e1 15 1c 1c fc 79 0c 44 c5 30 86 23 d9 cd 55 c4 d7 ca 70 4e fa ee b5 17 24 2a 7f 77 d3 cb 70 c5 f0 14 71 d9 df 17 71 79 df c4 8c 04 70 09 75 7c 0b c4 15 52 8c 8f a6 22 fa 20 14 a3 9f 7f 9a 24 d0 aa 05 26 b3 c8 41 a1 fc 9b 75 4a cb 39 8f ce c2 1a ed fb 51 75 f7 a8 ab eb 39 76 85 df a0 56 db cb 25 b9 cb 80 30 56 db bf 84 96 69 83 8d 9c fb 8b 27 31 63 ab 70 2a 33 3e e6 23 ab
                                                                                        Data Ascii: =%9pSk~E=WhSO&<$!T !^rRbWM$L#'i%++N$mOHxN/d.SY!s6yD0#UpN$*wpqqypu|R" $&AuJ9Qu9vV%0Vi'1cp*3>#
                                                                                        2023-09-15 03:49:53 UTC3255INData Raw: ef f4 e6 3f 9b 4b 89 52 b3 46 f8 66 a1 b6 0e 94 1f a3 f5 34 a7 79 2a 7b 17 09 6a 08 6d 37 96 48 03 de be bf a4 70 01 99 16 02 84 c2 7f 6c e5 0f 99 4a 6d be 23 31 66 e9 13 52 e7 fd b3 bf de a5 0d 67 07 c8 b9 40 22 fe 5f 48 9a 78 c4 ea 0d f1 30 d9 d0 e6 ce 3a 66 ec d7 e1 92 a3 1d d6 8c 8f d1 0a 04 86 6b 68 10 fe 6a 64 dd 2a 10 ca ea 16 3c 6a 12 8c b7 47 9c 23 93 b7 39 2a c4 98 b6 f9 60 b5 23 aa 74 f9 38 4f d7 5e 39 95 63 c3 92 89 19 0b 1d 62 25 3e 80 4d 19 2c e6 d6 23 21 e6 65 c6 95 54 02 0b 7a 42 a4 65 e3 4d 99 0f 39 70 7d 0b fe 60 b5 3d 0d 39 ab 6b a6 a8 04 55 3b 7c 94 21 67 75 68 f9 a8 00 66 c8 a3 51 ca 64 e2 39 5b 2d a6 71 a9 49 3c 8f 4f ec a3 f5 57 f8 93 88 8e 63 31 be 9d 85 94 2b 87 7d fb ca 6d 03 89 c1 22 d5 7d b4 d5 81 a3 6e ff 9a fd ce ca 17 52 ac
                                                                                        Data Ascii: ?KRFf4y*{jm7HplJm#1fRg@"_Hx0:fkhjd*<jG#9*`#t8O^9cb%>M,#!eTzBeM9p}`=9kU;|!guhfQd9[-qI<OWc1+}m"}nR
                                                                                        2023-09-15 03:49:53 UTC3271INData Raw: a3 4c 3f 0e b6 5f 5d 21 42 9b 34 2f 4f 4a e3 df 9f af a5 a6 15 d0 75 07 bd a4 b6 bf 01 11 f3 5f 5f 7b 85 8f c1 34 e2 3c 2e cb d3 d9 e4 72 4d 54 84 de ce 75 48 ea b7 9a 18 b6 c2 58 ce ed f4 52 eb db 4a bd aa e7 5a 16 3d 6c 75 ce 32 f3 44 f8 c8 ba 5a ca 64 ed d8 cd 7c 46 90 ef 49 2b 2d b0 1f d7 b7 f3 73 a1 60 63 58 09 1e 4e 0a e3 36 39 e3 91 be 7b d9 4e 2e aa af 85 fb d5 f5 e5 a9 2b 6a aa 39 85 17 26 5d 55 c8 a1 84 4b f4 0c d9 d7 7e 13 1c 05 51 0c 3b bc 10 e8 3b 7e 4d 93 2e da d2 96 5b 3d 99 ef a4 a7 46 82 e5 0e 20 2d 07 ff 50 19 b9 79 7c a7 53 34 82 cd c0 65 ed 41 2c 1b a9 6e cd be cc 37 ce 77 36 a1 20 45 8a ec 86 92 15 a8 23 d1 24 c1 27 e5 b0 be 97 b8 1b 71 4d 62 16 8a d6 34 49 b9 f7 67 9a 97 75 96 07 b9 a7 6d 96 82 24 2e 1b f1 04 01 a3 0f 4a 94 51 67 78
                                                                                        Data Ascii: L?_]!B4/OJu__{4<.rMTuHXRJZ=lu2DZd|FI+-s`cXN69{N.+j9&]UK~Q;;~M.[=F -Py|S4eA,n7w6 E#$'qMb4Igum$.JQgx
                                                                                        2023-09-15 03:49:53 UTC3287INData Raw: 83 89 4b 2a e2 a3 64 f0 8d 1b 6a b8 a4 fd cc f1 e5 29 93 ca d6 7f 02 9a f2 37 8c ed f8 7c 2c fe 2d 9b e0 5b 01 b7 56 da fb 56 5b 3d 4b 3d b3 f7 1d 09 00 bb 73 59 f8 b8 b4 6e d8 49 7c b0 eb cf 7d c1 60 f1 8f a9 53 38 00 c6 2c cb 27 fb 17 77 37 31 d4 3d e6 db 86 ee 6b 9b 51 19 db fd 4f b7 3c de 2e 47 c6 b1 21 ae c9 68 18 41 32 86 08 bd 94 37 49 3d c8 c2 0a 2c b6 95 df ad cd 7a 41 a4 e2 3d 4d 99 09 3e 7f 7e 24 17 65 5a 5a ef f4 52 0e e3 7c b7 fa e0 5a 55 a9 6c 75 c7 d1 8f df 70 20 4f af df 48 f7 f7 94 46 96 53 d7 4e 90 04 7e 98 6a 7f bf da dd ac 96 00 fa 91 3c b9 4a 32 f5 be c9 42 f4 ab fd 55 94 1a d2 ca ee c2 68 e5 0f b1 c3 d6 a9 ea d9 d0 4a b9 fb 3b dd 71 a7 26 5a 72 0a 48 cc 17 0c e3 75 a5 ff 82 03 fe 48 65 e9 25 1e b9 99 1b f7 97 12 18 e1 90 e0 e2 29 87
                                                                                        Data Ascii: K*dj)7|,-[VV[=K=sYnI|}`S8,'w71=kQO<.G!hA27I=,zA=M>~$eZZR|ZUlup OHFSN~j<J2BUhJ;q&ZrHuHe%)
                                                                                        2023-09-15 03:49:53 UTC3303INData Raw: 39 1e 16 a5 24 f1 fc 7d 39 8d 45 71 1b 47 f9 be 09 b6 7b ee 3d 0f d8 52 6b 6f 95 04 55 e0 3f 31 11 7b 6a 5c 46 dc 9f bd ee f4 b9 ca 64 b4 3f d9 0d e7 74 41 0d 0f 04 94 be 42 38 e7 08 1a 6d d3 2b 7c a0 c7 85 91 f5 20 1e 44 73 86 54 86 ca bf 40 02 45 c2 8c 69 e5 0f f9 8c 64 dc 27 d9 d0 19 b9 26 80 b6 bf 0b 70 d1 87 3f db 53 da f5 3b da a0 17 c4 78 07 3c 1e 36 65 e8 4c ef 12 4e 68 e3 dd 7d 1e bb 25 28 07 47 bc e2 88 6c 7c 86 9a 30 82 77 ea a1 e3 a9 99 49 ff 39 cf 13 d4 65 17 fa 7b 9e ce 5e 73 17 7a df b0 bf 0f aa 00 3d 5b 5b d7 69 8e e6 1d d9 30 48 ed 80 29 40 e9 75 08 4c e6 0f 49 11 34 40 c6 69 39 3a 04 e4 17 f1 de c7 96 0f 05 61 af 98 7e 6c 2c 21 49 e6 33 3f c6 44 08 60 b0 b2 52 4f 4d f6 95 b7 82 c7 31 2b 27 54 ea e3 af 93 8f a1 e4 1f f2 e3 37 8d 45 93 13
                                                                                        Data Ascii: 9$}9EqG{=RkoU?1{j\Fd?tAB8m+| DsT@Eid'&p?S;x<6eLNh}%(Gl|0wI9e{^sz=[[i0H)@uLI4@i9:a~l,!I3?D`ROM1+'T7E
                                                                                        2023-09-15 03:49:53 UTC3319INData Raw: 94 d8 5b 4f 4b 7d 6a 98 e2 e1 0a a1 1c d6 8a ca 8d df 03 86 7c c7 6a ce 7d c1 a1 49 12 be d3 a0 0b c8 ba 24 b1 30 93 07 84 ea 20 3c ca ed 86 9c d5 2c 21 aa 00 5d c2 ae a2 51 5c 35 c2 c1 92 75 01 53 27 ca 32 f4 0e 71 e4 84 92 f5 03 c5 1c 9a 4b e7 04 db e4 0e 61 f1 9e 19 b2 14 dd 6b 06 41 af d5 84 13 48 00 3f df 77 53 a7 04 42 17 43 82 26 1e 07 4b 45 dc 30 de bc ed ae 35 e9 39 76 68 3a 91 9b 38 b8 3d 04 e6 6d 84 c6 40 a8 79 0e 7f 16 09 6c 4e d2 3b 81 2e 1e 5a b0 7a ab 8f 87 b6 bb 76 b4 c2 7a 99 1b f0 ff cf 5e c9 17 26 38 7c 1d 53 93 b8 d6 bf da a5 0d df d6 f4 af f3 5e 8c 94 eb 3b 0c e9 f8 a7 cc 99 ab 29 de 3a 4e 68 8f 59 f8 fe ac 6f a4 03 bb c6 dd 14 40 65 c6 64 bd 0f a0 d7 2a 10 a9 02 b9 01 c6 c9 56 e8 46 e8 05 93 36 39 2b c4 9e f4 ad a3 bf 23 bd e7 44 e2
                                                                                        Data Ascii: [OK}j|j}I$0 <,!]Q\5uS'2qKakAH?wSBC&KE059vh:8=m@ylN;.Zzvz^&8|S^;):NhYo@ed*VF69+#D
                                                                                        2023-09-15 03:49:53 UTC3335INData Raw: de e3 09 41 b4 39 fe b0 b5 86 f1 68 b7 3c a2 e0 30 a3 f4 57 11 9d 77 71 b1 9c 9e 7a de 2c 38 d1 1e 32 9c 7a ab 8f 46 ee 17 61 61 98 f4 97 68 43 56 7a d2 14 5a 27 2f 94 a0 89 4c dc 4e 0c d9 a5 a5 ba c0 21 49 e4 29 06 a0 17 4f 3b e9 6d e7 cc 99 a5 48 da 4d 7d c7 8f bf da fe ac 0a c7 01 47 39 a1 38 61 19 74 bf 24 06 8c 58 ec b9 a9 fe 4f ff 39 c7 37 24 30 5b de 57 9e 3c 6f 5b f1 3f 11 08 12 8b bd 43 b2 1c 5f d7 7e 5c f4 b2 4c 85 94 28 7e 29 6d 46 a9 08 83 f1 88 ad e3 34 6d 88 18 2f 98 de d9 e4 a6 61 d5 68 e7 4d 1a bc 7f 70 72 00 d5 f6 50 48 00 da d1 83 af 58 12 d2 b1 b2 7c 8e 1e c6 b3 a1 cb b5 31 20 1c db 02 8c ee 03 6a 3a ed 9f b1 c2 0f ab 83 c2 fb c4 40 bf 96 8e 8e e8 75 25 db cb 8b 5a c5 72 e1 35 bd 02 ea 58 cd 47 89 c8 c6 12 e5 a9 2b 5e c9 ce 8f 88 3b 96
                                                                                        Data Ascii: A9h<0Wwqz,82zFaahCVzZ'/LN!I)O;mHM}G98at$XO97$0[W<o[?C_~\L(~)mF4m/ahMprPHX|1 j:@u%Zr5XG+^;
                                                                                        2023-09-15 03:49:53 UTC3351INData Raw: 3a 0e d8 36 3b 3b 8f ee 0b aa a3 d3 23 50 72 00 06 fd 4f 19 2f 42 50 0e e9 80 d6 65 46 b1 6b d6 cf 7b 6d 96 13 6d 67 be b2 61 77 ad cd 7a 44 a4 22 18 b2 66 09 ec 38 55 55 85 65 1d 49 00 ed 0c de f4 9b ad 21 41 39 30 fd 9b 62 6d 44 23 cf bd b6 98 50 ca 64 e5 39 d8 e1 62 9b fc b0 c3 fb 32 be eb 6c 34 a6 c6 bb 71 63 78 f1 c2 46 c7 fb 18 82 30 a9 34 1e 03 0a 43 f9 99 4a 2a 0a e1 5b 1b 73 42 3a be 66 c1 d1 19 ec 28 a5 41 4a 1b b3 10 f3 37 05 bb 49 0d d3 01 29 a9 d8 f2 01 b7 dd a4 c2 26 a4 c2 4b 37 37 67 1d 09 50 d8 2c c1 c8 b9 c6 dd 71 ff d8 39 9b 30 09 82 7c bf e0 1b c4 f6 01 c6 bb 82 65 e2 49 39 2d 9e 39 5e 75 17 fc d8 2c 45 34 05 b5 b4 1c dc 3a aa d1 e6 55 6a e6 7b 01 e4 22 cb 32 4a 51 c6 d7 93 73 e3 34 cb 69 ab 2e 07 df d9 e4 49 89 4d 6f e7 2b 1c d6 73 f8
                                                                                        Data Ascii: :6;;#PrO/BPeFk{mmgawzD"f8UUeI!A90bmD#Pd9b2l4qcxF04CJ*[sB:f(AJ7I)&K77gP,q90|eI9-9^u,E4:Uj{"2JQs4i.IMo+s
                                                                                        2023-09-15 03:49:53 UTC3367INData Raw: a7 73 d2 41 f0 a1 a5 ec e2 2c f8 df 06 b8 be b4 bb 9b 8c d0 a5 d0 31 12 96 43 f0 11 fb 50 78 0e 57 79 c2 1a 47 93 06 47 48 a4 1e 9a da c9 ca a7 81 a5 53 bc 17 42 50 48 bd a9 fc 79 94 b8 e7 14 a2 4c 59 aa 64 ca b4 4b ff 39 2e d1 66 55 72 e8 7b 15 43 3d be fe 0d 2d d3 0d d8 d6 9a b1 1c d6 10 8a c5 50 b7 c2 92 75 62 cc f2 24 40 2d a7 6d 1a b5 85 02 78 cb 1d ee 92 4e 00 4c 1f af d8 c1 23 c3 55 71 f0 9a 04 41 09 b8 f6 97 f2 74 f6 76 97 26 1d ff 21 dc 96 6c 32 ba 85 20 77 ae 9b 12 00 1f 9d 22 8a 06 4d 6b 4e 3a 57 89 18 4e 70 f3 e3 28 3a 57 77 91 88 8e b1 75 19 c2 33 d4 14 d3 ae 22 b1 e2 6f f5 78 18 74 49 a0 2f b2 d0 1b f0 8d 1d 64 68 b3 80 89 da b9 26 80 64 d8 96 da 5a a4 60 07 fc da fe 56 fe d5 10 7c a0 fe 48 a9 d9 32 ad ab a8 cc eb 7f db 0c 09 00 d8 34 78 82
                                                                                        Data Ascii: sA,1CPxWyGGHSBPHyLYdK9.fUr{C=-Pub$@-mxNL#UqAtv&!l2 w"MkN:WNp(:Wwu3"oxtI/dh&dZ`V|H24x
                                                                                        2023-09-15 03:49:53 UTC3383INData Raw: d3 94 47 91 0e 0a d1 af 65 c8 de 90 a9 d0 f2 ea da 30 45 41 11 fb ec b9 71 aa 82 f5 09 85 83 79 79 25 3e 06 1b 9b b3 96 9b 34 5b 53 69 3b 12 43 60 0b 1b ad 58 d1 5d b5 87 13 da b4 91 c8 30 f8 c9 92 c8 d1 79 81 de 70 7d 15 08 2a d5 67 90 27 9f 43 dc c5 c4 42 50 89 62 41 3a 35 d8 ac c7 99 52 b1 6f 35 5b f3 53 54 98 35 d6 8e 9f e4 f0 a8 5f e8 41 33 74 a2 dc b4 76 25 a4 c2 e2 81 ab 77 68 0e c6 d5 fb 2a 07 47 33 11 3c 26 ca 65 c0 b3 46 60 ef 84 bc 14 7a c3 0e 6e 2e a9 66 b2 a1 44 4a 17 c8 d5 b2 6f 5d 01 b0 6a 54 aa 00 30 dc 2a 63 25 4f 54 96 3c 6d 01 3e 83 48 c4 cd 79 83 1c 73 6f 3c 90 a0 31 b3 ee 0b 82 84 ce e4 0e 0a 88 7f 67 f3 85 53 67 fb be 24 21 bb 5c 82 fd b2 52 0e f9 54 ac 21 7e 5a 34 3d 6c 75 ce 3c e3 bb 2e 7f 42 0d 91 3d 77 38 12 d5 6d 73 a9 6d f3 c7
                                                                                        Data Ascii: Ge0EAqyy%>4[Si;C`X]0yp}*g'CBPbA:5Ro5[ST5_A3tv%wh*G3<&eF`zn.fDJo]jT0*c%OT<m>Hyso<1gSg$!\RT!~Z4=lu<.B=w8msm
                                                                                        2023-09-15 03:49:53 UTC3399INData Raw: 73 e7 45 3b 6c 9f 4a 2d bb fe 35 87 90 6c 11 83 a5 f0 41 96 4c 15 21 c6 eb f1 3c f1 76 b2 0c 87 d5 fe 20 5c 49 20 88 ab 4a 47 6e c8 d3 32 cb ca 17 ab c0 b3 2a 0e 74 59 5f 93 81 9d 32 07 3c 2e 01 11 dc 5c 20 c7 de fe 7c d9 0c c3 36 33 f9 b9 7c 88 cc d4 b6 67 55 46 1e c3 86 c9 2c 9b cb b7 f9 0d a6 14 61 fe 54 01 8f bd 1f 95 65 d2 85 ed d4 6c 62 08 ca 42 50 39 a4 d7 51 ca 64 3f f6 b0 dd e3 7f b7 19 92 a9 e2 a5 20 d2 ee 92 91 88 05 ad fa 6a 8f 62 e3 f5 85 d2 1d 87 80 55 02 81 88 63 00 0e 2a 83 02 c1 e6 f2 42 3a 35 d4 58 df 9c 68 ad 6c 35 d6 b7 02 7a a2 df af e4 ae f3 8a 58 25 d7 cb 7b 9f b6 56 32 ed e0 2f b6 e2 a1 bc a1 77 19 59 50 1a c1 ff cd 39 22 77 91 11 d5 94 b4 ed 4d 2c d5 64 0d 08 54 be fe 01 df 3d bd 17 fa 93 c8 42 d5 3b 98 a9 98 0d 4c 59 87 f0 31 5a
                                                                                        Data Ascii: sE;lJ-5lAL!<v \I JGn2*tY_2<.\ |63|gUF,aTelbBP9Qd? jbUc*B:5Xhl5zX%{V2/wYP9"wM,dT=B;LY1Z
                                                                                        2023-09-15 03:49:53 UTC3415INData Raw: a3 50 5b 04 29 3a 12 2b 7f 6f 9e 6c 2c c5 64 79 99 35 bc d7 d9 ab 3f 58 b5 a9 9d 01 a9 7e 21 8f c5 d5 f7 88 9d 8c e4 ac 9c 84 5e 02 3e 2c e1 c8 8d f1 7f 24 57 5f 5f 88 bb 9b 0f 99 fd 7f eb 71 25 bf 86 a2 8f 23 53 15 13 5d d6 90 c5 b8 8d 60 1d 78 11 1f cb 85 ee 9b 5c 2d 0e 4f 59 ad ca 90 24 90 92 1f 18 ba 69 63 02 7b 39 ef fb e9 af 5e 97 75 eb 2e c0 55 ac bb 10 fc 52 b9 ae bf a4 3f 80 35 2b 4f ef c5 63 cf 12 16 41 19 4a a1 c8 21 84 36 1e d7 54 42 50 c6 4d 5f 51 36 9f 10 fe 66 92 4e 18 ad 97 d5 25 4c 6f e7 a5 34 44 67 fb 35 a0 b8 c0 ed 33 75 b6 52 83 24 ab 13 cf 43 4d 83 50 d7 3e f7 3c e3 c0 b2 4d 18 50 ca 22 37 4c 84 b9 87 fe fd 6d d7 70 a4 08 be 0a bf 57 1a 78 0b 1e f9 64 9f 42 c7 7e 5c ba 05 05 6c 11 11 0a ca cc 79 ce dc 05 ed ac 0b 72 42 b1 e2 00 be ee
                                                                                        Data Ascii: P[):+ol,dy5?X~!^>,$W__q%#S]`x\-OY$ic{9^u.UR?5+OcAJ!6TBPM_Q6fN%Lo4Dg53uR$CMP><MP"7LmpWxdB~\lyrB
                                                                                        2023-09-15 03:49:53 UTC3431INData Raw: e0 f8 14 42 da b0 d9 65 d8 70 e6 f3 21 19 74 ff 5f 93 81 e7 bd 63 05 d3 7d 4b 29 17 0b bd 93 8e 79 32 f0 d2 37 cb 11 97 a2 03 0e d6 12 c6 a8 1f cd bc 4f 40 68 34 c3 7b 3e 98 9e ae e6 04 53 7e 8b 3f 7f f5 73 51 f6 19 22 3d 04 8e f3 95 ca 3e 87 64 b3 65 61 50 16 2b a6 6d 9b 37 a1 89 13 ee 64 45 a4 0f b7 2a eb a7 c9 e8 51 66 2c 40 25 8f 96 19 6e 21 9f 9b d5 ae d8 a0 c9 4d fa 92 5a 3f 08 dc b4 bd 8c 42 e8 e4 80 6c f1 43 7a 32 a8 d5 7f f3 47 42 00 ac bf 51 c4 8e 29 e6 0a 44 34 53 06 2a 57 9c 81 d9 f1 50 ab 10 b8 cb f4 a1 06 4c f8 28 bc 1d bc 42 50 b5 74 43 a9 1d ec 41 2c c3 63 1d 18 d9 3c bd 2e 7e 5f 71 ca d5 3b 66 32 9a 8b a8 3b 56 ff b5 97 af d9 58 de 3d 08 3f 6d 8a 2e c4 f2 28 6c 89 c1 4d f2 36 56 f3 b6 28 69 a0 4b 16 04 7e da 11 8d 4f 97 cc b8 12 9f 8f 72
                                                                                        Data Ascii: Bep!t_c}K)y27O@h4{>S~?sQ"=>deaP+m7dE*Qf,@%n!MZ?BlCz2GBQ)D4S*WPL(BPtCA,c<.~_q;f2;VX=?m.(lM6V(iK~Or
                                                                                        2023-09-15 03:49:53 UTC3447INData Raw: e5 81 50 98 cd 4a a6 61 93 9a 04 8c 79 67 b8 cb 44 70 8b d6 f5 01 79 c7 1e ab d9 fc 5f f2 b4 ec 98 b1 55 64 89 9c c5 95 8c 19 19 f7 e1 36 35 58 8e 78 f5 ff c0 d4 0a 8c 2b d7 30 9f c7 9a 90 da ac 3e 38 b2 38 d5 e8 ca 50 20 60 ff 96 df 99 d7 cd 3d ec 8e 9b b3 4f a8 0b 8f 0a 28 0b 7a 45 50 56 46 be e7 a6 db 4b 36 fe ef 0e 28 21 f3 31 a0 b6 4c 69 92 dd 24 f9 3b 08 77 1a b4 41 1d cd 55 65 42 9f 36 59 04 78 e6 f1 b3 14 5d 9a 89 5c e9 04 aa 82 e1 3c 82 f1 28 4d 7b 2b 8d 46 c5 34 e7 0c 88 e2 4c ee 4f 02 f3 64 82 68 19 4c 4e 7a 8a be 46 0b 42 57 4a 7e 03 5c 37 cb 42 50 f6 74 73 7d 29 e9 f6 87 6b 27 23 93 e2 e6 05 40 ac c3 d7 2f ec 37 f4 c7 42 50 39 e3 1a bc de 59 78 f6 55 45 36 ea 3e 92 7e df 67 9b 52 38 84 07 34 96 12 69 91 64 41 07 b3 14 89 1c 7d 0a 35 67 fb 73
                                                                                        Data Ascii: PJaygDpy_Ud65Xx+0>88P `=O(zEPVFK6(!1Li$;wAUeB6Yx]\<(M{+F4LOdhLNzFBWJ~\7BPts})k'#@/7BP9YxUE6>~gR84idA}5gs
                                                                                        2023-09-15 03:49:53 UTC3463INData Raw: 86 94 b9 55 65 25 ca 2a 6c 76 a7 cd 58 4d 06 a9 82 3f 0c b1 10 c5 d7 7b 9f 56 0f 2d 5c a8 1a 4b 73 b2 2c 91 93 e8 ff 37 71 10 97 15 d3 7f 36 90 5b 72 be 92 59 d9 66 79 98 05 0b f1 a0 55 2f a7 43 61 c3 81 c9 d6 de 70 69 fc 00 68 fd 8f 8f d8 e9 a4 22 b3 2e 5e d0 c8 bc 64 4a 63 f8 c2 2b fc ce 97 de b5 4a 02 da 66 d8 6f a6 91 c4 ef 28 e7 48 00 15 4c 0a 70 3a dd 7b 3f 47 48 cb 8b ce 22 17 89 43 0a 98 e1 6e b5 2b a3 2d 60 4e 1e de 9f f7 0f 3d 19 fc f6 5d f6 18 2a ef 20 36 6f 6f cf 2f f6 af b5 24 a6 b5 f6 7e e1 ac c0 bf e3 01 59 07 2c 19 93 cf 2a bd ef 03 19 da d5 d0 38 bb 31 31 75 f7 9f 2e 0b 92 0c f6 0d 0c 2b 5a d1 78 a2 b1 c1 80 cb 58 15 71 91 e9 38 7b da 20 ec a2 01 8e 21 78 e8 67 d3 7a 30 ab 39 6c f9 1d 6e f5 b0 f3 67 80 ec 23 42 50 1f 03 85 70 9a 89 83 a4
                                                                                        Data Ascii: Ue%*lvXM?{V-\Ks,7q6[rYfyU/Capih".^dJc+Jfo(HLp:{?GH"Cn+-`N=]* 6oo/$~Y,*811u.+ZxXq8{ !xgz09lng#BPp
                                                                                        2023-09-15 03:49:53 UTC3479INData Raw: 23 93 64 17 bf dc 7a e3 92 fd ca d2 c8 62 1e 7b f5 8e 58 60 bb 48 76 97 f7 22 d3 25 70 19 7d 1c 7f 24 4a 17 15 12 ac ec 9a bb e3 38 22 bf 8f ee 80 86 38 9e 34 fe 0f 94 06 16 41 19 ef 2c bb fc 74 8d f2 2f b9 1c 31 12 ba a5 1c 9a 35 23 c9 1e 08 77 74 a0 a1 1d c7 a2 ec bc ca c5 a9 d9 f3 71 b2 1a 0b 10 3e 96 0e 5f a4 84 f4 6b 99 39 0d 57 07 67 61 3a 1c 92 91 89 44 16 be 7c 5e fc 65 c8 27 c7 be 62 9b 35 dc 84 66 e1 8f 88 5e 46 04 9b 44 61 f7 52 ec 83 56 89 15 ea a3 a3 6a a4 13 e6 9e 07 32 c7 46 ab c3 69 1b ef 3a 11 3c 47 4f bc b4 2c 44 52 46 32 7b b2 9a f0 6d b1 6e af 88 cc 03 a2 a3 15 7e e9 b9 60 7b 6c 11 1f c3 0d da f8 5c 18 68 44 5b 16 bb 07 c7 54 af 82 1f c8 66 14 ac 42 4d ff f4 62 ca 97 93 75 60 4e c8 d1 77 ce 05 93 a5 50 51 40 48 ee 1d fb 28 1b 23 d8 51
                                                                                        Data Ascii: #dzb{X`Hv"%p}$J8"84A,t/15#wtq>_k9Wga:D|^e'b5f^FDaRVj2Fi:<GO,DRF2{mn~`{l\hD[TfBMbu`NwPQ@H(#Q
                                                                                        2023-09-15 03:49:53 UTC3495INData Raw: bf e1 73 6f 42 50 36 28 8d 30 9e 6d 46 c5 be c0 d5 f9 6a 03 5f 20 b4 1e 0e 34 c8 ec 69 0a 2c 67 cd 84 7c 53 1a 64 9c 27 9c 84 ee 06 6c 62 2e 13 b8 10 d3 21 ef 00 c4 fc 44 10 7c d8 07 80 36 66 2e a3 d0 4a b3 52 88 46 e4 85 8f 02 41 6b 61 d1 50 aa 4f 42 83 42 35 f2 5c 11 68 6e 4f 14 11 73 e7 1b 8f 5a 80 52 99 2e 37 b7 f4 23 37 2a ab aa 2b 8a ad 13 c0 5b 28 39 1f 7b ec 3e 42 b7 80 40 57 df 2c 90 8f d5 8f 25 86 69 41 92 87 a4 21 2e 01 ef 15 0e 68 c7 a8 5e be 97 7a 19 d5 b4 77 47 0f f7 41 3b 7a ea cd 1c 73 de 25 c9 2c 80 04 ae 59 b3 27 51 65 88 66 82 63 5d 72 b0 39 f6 0a b6 19 1d 6a a8 98 e7 f7 b2 ba e4 ac 1a 65 4f 1d 19 98 23 f8 e6 28 e1 51 05 0d 6e e6 bc a7 5f b2 3c 12 65 e4 6c 40 ea 83 8f 96 a9 6f a0 00 70 b4 cf 1e 2d dd c6 da ac a5 ec ed 18 fb 7b c4 3a 6f
                                                                                        Data Ascii: soBP6(0mFj_ 4i,g|Sd'lb.!D|6f.JRFAkaPOBB5\hnOsZR.7#7*+[(9{>B@W,%iA!.h^zwGA;zs%,Y'Qefc]r9jeO#(Qn_<el@op-{:o
                                                                                        2023-09-15 03:49:53 UTC3511INData Raw: 1f 11 88 24 f7 48 76 bc e2 8e d7 e4 34 fe 0f fc 07 16 41 11 52 45 31 aa ba 9b 1a d7 d7 0b cf da 3e 35 1d 9a 35 48 f9 c5 83 cc 4f b7 5f ed 3d 9c 9b 37 87 42 69 00 04 eb ed 4d 6e dd dd fd 54 01 0c 2d 71 01 6a 5d a0 3c 5d 39 ee f0 38 98 f8 27 46 9a 7a 9a 84 0a 74 cf 1a ce 91 da e5 94 c8 f3 f5 ee f5 2b 35 22 c0 28 3a 84 85 96 56 80 aa d2 8a a1 ce 8c 5c 9f 28 bd d9 84 d2 43 ef a1 a5 ec 69 52 30 f2 d2 b7 3b 03 30 e6 94 6e 07 a2 76 12 06 bf d1 f1 fb da 67 d3 72 a2 a3 11 69 c4 4f 77 8c ef d5 03 c4 09 bf b7 3f ef 5b 78 2f 2e ee 9a 2b d7 43 7f 1c 9f 55 e2 ac 28 50 bb 6c a3 28 7f a9 7f eb 13 96 ab d9 a7 48 28 13 c8 be d5 ed 11 7e f3 c0 39 35 0e 74 83 c2 3e c5 52 ce ee 69 7d 69 ce 8d 92 54 0b da df ba b3 4a 65 40 d7 46 97 08 fd dc 35 3b 1d cd 41 72 cb 7a 36 d3 93 43
                                                                                        Data Ascii: $Hv4ARE1>55HO_=7BiMnT-qj]<]98'Fzt+5"(:V\(CiR0;0nvgriOw?[x/.+CU(Pl(H(~95t>Ri}iTJe@F5;Arz6C
                                                                                        2023-09-15 03:49:53 UTC3527INData Raw: f7 e6 c4 76 43 cc 6b 70 27 d9 00 00 20 00 49 44 41 54 dc a2 e4 30 67 dc 5b 2e 46 d7 0d 50 62 81 51 18 d6 90 c4 70 3c fd 9f e1 6c c7 e5 6c 6f 2c 92 21 b0 47 a5 8a 65 c9 f3 52 83 e2 68 f4 50 bc c0 bd 4d fb 13 50 06 68 6c b2 eb 1a c0 54 ac 53 87 55 13 42 27 8f 64 d2 5b 13 43 35 34 0e d2 eb 35 9d 3c 42 31 61 da a5 4c 72 91 d3 d1 e3 16 93 ba 45 58 92 1d 8b 65 cd 77 b7 d6 2a 5a d1 78 a2 81 df fe e7 d3 ef 40 93 fd 4c 61 51 8d a7 7a fe 70 d6 5d 1e e6 1a f1 d6 5e 12 2b 6d 43 13 ba 4e d8 57 7e 44 8d 2a bc 3e 5b 8c 7b 30 ef af 3b ee cd 85 c6 3f b7 65 93 a6 c9 ee f4 8d a9 f4 64 87 69 1a 6b 2f 89 64 90 7e 1f e1 21 c6 b9 e4 a9 67 ed 10 0f fc d1 76 c1 05 30 5d 0f bd ce 9f ed a9 d0 af 13 a2 dc e9 77 4f 57 55 fe 18 f5 97 e7 60 91 6c 11 1f 19 42 3a 4c d9 15 34 a9 2f 16 29
                                                                                        Data Ascii: vCkp' IDAT0g[.FPbQp<llo,!GeRhPMPhlTSUB'd[C545<B1aLrEXew*Zx@LaQzp]^+mCNW~D*>[{0;?edik/d~!gv0]wOWU`lB:L4/)
                                                                                        2023-09-15 03:49:53 UTC3543INData Raw: d1 a3 3a 93 08 ba 9d 54 49 26 12 01 8e 55 7d 1e 9a c7 e6 7c 18 39 85 98 9b 60 0b c7 97 ef b8 e7 4e 9f 00 00 20 00 49 44 41 54 f6 ee a2 3f 3e 1a e2 07 9f 6d 2c c5 bc c6 e5 91 fd c3 5f 54 35 d3 7b 9d 12 c8 f9 7c 21 8f 6b a1 66 f1 1e ef 6f 72 17 68 8e 4d 6f a9 f3 bb 85 9a 3e 77 07 84 c4 8e c8 83 db 0b 19 c1 a8 67 a4 22 fd a6 37 6f fe c2 1b de 12 15 08 27 ad 8a 73 6c a8 1e 41 c9 ca 2a ac f1 9e 2c 7b 56 9e 4b 6d d7 68 6d c6 9a 62 6a fd 3d bb 06 fa 93 dd 1a 18 6c ea 13 c0 ee ac ba 1f 7b 66 b9 97 37 8e af 88 11 29 6e 3e ae d5 5b 5b d5 ca 6d ef af d2 af ed ba 1d d7 54 42 c2 15 fc b3 2f 5f bc 8e ed 97 a1 03 b9 57 d3 67 50 b1 65 c8 d0 99 d3 66 83 6c f4 48 23 14 65 cf 8f be 8f 54 7d 1e e0 12 01 b9 ad 39 6e 8d 93 5b 7f 36 82 98 4d e5 9a 7a 29 07 d6 f3 14 e8 c2 3d c8
                                                                                        Data Ascii: :TI&U}|9`N IDAT?>m,_T5{|!kforhMo>wg"7o'slA*,{VKmhmbj=l{f7)n>[[mTB/_WgPeflH#eT}9n[6Mz)=
                                                                                        2023-09-15 03:49:53 UTC3559INData Raw: 34 5a a8 da 92 5b e2 27 f7 04 96 c3 80 a3 9c 2b 86 5a 3c 53 4b 5f a7 99 02 76 b2 5d 44 f1 c9 72 21 23 a7 bd 47 dd ab 0f e3 64 b7 d8 e7 5f 60 ef 11 2a af 57 b4 9a 0d 77 ee 13 00 00 20 00 49 44 41 54 71 ef 8b 1a 9f b8 ed 09 c0 8d 5a 54 9a ce 9d ba 9d 0a d5 0e 33 04 92 04 47 3f ed 00 f3 92 a1 ba a0 59 11 ff d7 c9 8b a3 bc 1a 11 d1 8d f5 55 cf af 8f 6c 9b 74 7a 97 92 72 1b 11 39 91 08 84 f0 5f 6d 2c cd 37 f2 ee 92 48 3d 09 ab ee e6 36 6e 91 69 fe c0 21 8d 96 2a a0 7a a9 47 11 dd 9c 85 dd c6 46 b7 9e 3b 99 90 04 a1 72 a4 36 03 b7 9b 8c b6 fd f9 25 91 5b ab 6d a7 09 af 73 b9 13 d6 07 98 63 9c b1 8b 73 18 1d 9e ba c9 ca a6 d7 88 33 8c 17 02 ec 87 ed 88 1d 61 8d 9e 55 e6 fb 0f 3d e2 fb f6 28 97 ce b6 60 ec 95 df 40 ed 94 0e f8 38 58 c1 9b b8 f4 8e 38 f3 a1 a3 74
                                                                                        Data Ascii: 4Z['+Z<SK_v]Dr!#Gd_`*Ww IDATqZT3G?YUltzr9_m,7H=6ni!*zGF;r6%[mscs3aU=(`@8X8t
                                                                                        2023-09-15 03:49:53 UTC3575INData Raw: 91 78 b5 b6 2f a4 a7 ba 79 52 d1 5f c0 2f cf 3b ca b2 1b 2d a4 34 87 2a fa fa b1 b0 8c 7e 90 84 86 4e bd a9 1a ba 40 2e 94 ce 15 3c 20 c6 09 6e 63 cb bc 99 d7 e4 62 e1 1d 64 9e 5a fb 2d d0 25 c1 16 56 fc b3 f9 36 8f 21 7a 62 f2 12 0f 9a 0b 90 01 00 00 20 00 49 44 41 54 82 2b c8 99 85 1a ed 24 ea 68 25 20 d3 78 96 22 55 41 87 32 3d a8 45 de 86 21 f3 88 4e 3d b2 29 59 f7 d7 56 b5 de bf b9 9b c3 e2 cd a4 db ef 5f fd 71 90 e3 af 3f b4 ba 9d 57 54 e3 99 3d 1b 6a e2 65 6c 42 54 3c 7c cd 30 06 db 22 c4 58 e5 3f 06 32 2c 00 87 93 93 4b d9 51 75 fc 54 ea 8d de be 4e 33 85 e6 a3 63 c6 91 0e dc 94 74 4a 78 10 fa 83 4e e2 99 85 58 1c 5c e4 69 39 b2 46 92 c9 fc 3b da fb 4a 9c c9 18 69 3e 41 2b f8 71 69 7c 6b fd 20 9a 6f a4 58 88 ee 30 64 5e d0 18 12 ee cf 20 ef 56 73
                                                                                        Data Ascii: x/yR_/;-4*~N@.< ncbdZ-%V6!zb IDAT+$h% x"UA2=E!N=)YV_q?WT=jelBT<|0"X?2,KQuTN3ctJxNX\i9F;Ji>A+qi|k oX0d^ Vs
                                                                                        2023-09-15 03:49:53 UTC3591INData Raw: a2 55 a5 48 63 25 d2 ad 44 ea 47 88 cd 17 ec ec e8 03 c6 69 0c 9b 5e 77 61 b7 16 03 e1 41 7c e7 7e 60 94 66 05 6f ed 88 e6 d5 93 97 14 57 33 6a 4c 9c 9c 88 35 6c 5e f8 29 45 e6 a7 be 35 87 1d a0 47 d2 ad 80 01 bc bc 7c 60 18 b6 c2 35 87 71 48 5a 58 f8 29 c7 b3 c9 7c 60 81 8c 39 94 d2 ad 46 fb 71 a6 b2 45 c3 2e eb b5 00 00 20 00 49 44 41 54 31 4f b8 07 2a e9 5f 8b a2 92 f1 24 64 2e 01 9a 71 88 53 64 04 c9 51 b8 54 71 0c 57 9b 06 cc 09 2e 45 4f 45 75 91 ab 1a 63 1e 7e 15 a2 c9 56 10 aa 93 b4 4c 3b 88 d5 01 1b 32 85 a7 b2 23 0c d3 a5 1f a0 f0 f3 f4 b4 45 a7 e8 d1 3d 98 51 2d 01 a2 1a 65 3a 70 c0 ca 07 b3 88 e9 2c 22 53 02 a4 f6 da 0c f2 90 ed bc 95 d1 a0 71 45 43 2d 36 a1 a5 67 63 49 a2 ac 94 64 de 27 9c 84 a9 88 42 1a 46 a2 68 ed 7c 5b 0c ba a9 7a e1 ce 70
                                                                                        Data Ascii: UHc%DGi^waA|~`foW3jL5l^)E5G|`5qHZX)|`9FqE. IDAT1O*_$d.qSdQTqW.EOEuc~VL;2#E=Q-e:p,"SqEC-6gcId'BFh|[zp
                                                                                        2023-09-15 03:49:53 UTC3607INData Raw: 1e 0f 2c 53 0c 09 74 45 17 92 82 2f 63 45 63 79 7e 15 e3 c9 59 19 a2 93 e1 4c 12 51 15 fc 35 88 85 a8 b2 3e 9a 5f 35 4c 0c f0 de f4 b6 40 d3 55 37 55 98 66 2d 2e 62 b9 d9 0d 66 89 cc d0 82 08 ea 4b 34 dc 4b 45 15 bf 69 b1 72 c1 24 1e a2 69 84 7f 47 8f ff 2a ed 8c 28 f8 60 1d 17 0b 9c 6c 78 41 c6 1e ce 74 48 03 bb 9b f9 88 d9 cb 13 0f 1d 12 4c d9 08 6f d9 4a 6f 50 33 68 d5 33 62 c2 21 6f 00 00 20 00 49 44 41 54 a6 88 01 85 c1 a7 80 4c 8d 53 0c fd 57 87 a2 e9 87 8c 5f 51 30 08 cc d0 3b 48 3d bc c5 17 08 e6 41 48 3d 6d 39 44 1d 28 a2 bb 65 7b 89 bd cd bf e7 98 6a 42 1c 67 cc 82 ec 00 6a 05 f1 0a 16 9d c3 70 cc 74 7d 88 53 6f 04 81 51 92 54 42 0c 57 bb 06 dd 09 2b 45 0b 04 62 4f 77 84 5d fa 47 85 c1 c5 4c 5e 20 81 a3 9c a7 4a 3d fe a6 1e 65 85 93 b6 70 e7 a7
                                                                                        Data Ascii: ,StE/cEcy~YLQ5>_5L@U7Uf-.bfK4KEir$iG*(`lxAtHLoJoP3h3b!o IDATLSW_Q0;H=AH=m9D(e{jBgjpt}SoQTBW+EbOw]GL^ J=ep
                                                                                        2023-09-15 03:49:53 UTC3623INData Raw: 14 ed 55 88 99 73 40 a8 37 2b 9e 7a 08 85 8d 79 14 0c a3 ad 0e fa 22 2f 88 72 2a dd c6 05 52 90 0c ff ce 85 1d c2 a7 09 c7 65 78 cf d6 57 35 78 14 55 e2 88 4c 2b bf 53 ff 06 df c1 04 39 f5 c2 fd 5d f0 e6 91 9b a2 06 bf 67 e3 e2 97 62 eb 89 fc 5d 3d 5e 39 ac 0c 6e 6a 05 ec 8a 0f f2 bb 8e fc 5d f9 88 a0 91 05 77 9f 20 18 dd 1c e0 1a e4 7b b5 ba ff 6f 9b a2 37 d8 d9 35 94 1f 5b a0 8c aa ab 50 c2 07 70 24 4d 27 05 69 12 78 bd b1 43 fc 5d 28 88 9f e0 08 2e 57 24 00 00 20 00 49 44 41 54 88 1a 52 ea 39 b4 1c 74 99 8d 65 b4 ba 6c fa 37 a2 95 bd 9e 92 f8 c9 ef 48 8a 19 b4 93 9d 60 94 a6 e2 c8 05 53 b9 ac c8 88 db fd 74 0d 88 99 13 ef 20 25 c4 96 54 04 82 65 aa fd 74 63 d2 76 08 a2 c8 43 ee 71 4e 0c 06 bb 89 fc 5d c3 e1 63 ea d4 d2 e4 05 2b 17 74 01 89 65 fc 5d b8
                                                                                        Data Ascii: Us@7+zy"/r*RexW5xUL+S9]gb]=^9nj]w {o75[Pp$M'ixC](.W$ IDATR9tel7H`St %TetcvCqN]c+te]
                                                                                        2023-09-15 03:49:53 UTC3639INData Raw: b8 af 2a 51 08 be 36 1d cb f7 ac a9 af 00 19 8c 14 62 1a 7f c5 6e 37 d6 56 d3 3b f2 81 da 9c 8c 14 2f a8 30 4e f1 51 84 5f b9 89 d5 51 87 28 88 e7 ce ac fe 68 f3 58 31 56 50 1f 4c d8 b3 3d a0 8c 41 f7 d5 90 9e 7b f0 6c a4 be 5e 24 9f b2 c3 c7 9c 9c 78 51 cc 43 9d 7d b5 15 e6 76 df d3 6d 04 4f a9 82 2f af c4 61 6b e6 ec 27 c4 8a 46 b9 3c 18 25 80 bf 33 a1 72 d7 d9 64 59 1e 18 db ba 91 ad 22 81 a6 c0 a5 db cc 40 01 ae c9 19 63 2a 45 ba d2 cf 9f 5a 63 03 38 99 58 8c 02 e8 9e 16 83 1c 02 73 ea ed 9d f6 7c 13 b7 24 e8 f5 97 40 cf 88 00 00 20 00 49 44 41 54 49 e3 13 ab 48 ed b2 00 48 ae 24 3b 3a 8b ee a4 8e 6f 4c db ce 17 fc e0 aa f1 3a 5a 85 92 80 2f 40 d1 37 51 66 2b 3a da 40 de 0d 46 e1 e7 10 1e 81 e4 a9 92 ae ff bc c4 49 22 b8 84 f0 ca d6 c7 5a 50 c4 68 dd
                                                                                        Data Ascii: *Q6bn7V;/0NQ_Q(hX1VPL=A{l^$xQC}vmO/ak'F<%3rdY"@c*EZc8Xs|$@ IDATIHH$;:oL:Z/@7Qf+:@FI"ZPh
                                                                                        2023-09-15 03:49:53 UTC3655INData Raw: c2 f1 56 79 3d f2 82 80 e8 9b 3b 78 14 f2 19 0f b1 45 ea 3a f1 f4 91 dd 5e ab a0 a8 7c 60 59 fa 41 09 f2 41 08 8b 3a 79 14 4e 71 c1 80 29 a3 f8 29 fc ee 06 f4 2d fe ec 08 96 02 78 14 0e 8c 7a 32 d3 a3 f8 29 e1 fe 45 68 28 61 07 8e 17 d3 ad 8a 34 05 72 29 b5 ba 88 a8 95 37 68 01 95 eb 97 4d b4 ba c4 ee 4d 7d e8 fc 5d e0 08 12 a1 00 12 46 3f 79 79 14 65 64 1a 5b e2 bc f8 00 4e a0 c8 7e 44 a3 cb a2 16 53 90 56 55 6e 0e 1c 9e d2 84 8e b3 a1 a8 24 ad ff d5 90 b4 c1 29 db 4d ce f7 b8 35 87 9a aa 37 76 a8 bd 13 0a 9d 6f b5 93 a1 99 4d 9d a0 3b b5 ba 25 48 8d 99 a8 09 39 3a e8 7d 35 87 4f 07 4d ae 1b 2a 66 00 00 20 00 49 44 41 54 99 6c 13 35 87 3b b0 1c 04 18 b1 96 5c 15 7d 60 f5 dc 75 49 86 4c 8f 34 ae ef de 3c ae e3 df 04 53 b9 23 6a 50 b6 92 33 ae 08 6e 0e d3
                                                                                        Data Ascii: Vy=;xE:^|`YAA:yNq))-xz2)Eh(a4r)7hMM}]F?yyed[N~DSVUn$)M57voM;%H9:}5OM*f IDATl5;\}`uIL4<S#jP3n
                                                                                        2023-09-15 03:49:53 UTC3671INData Raw: 0c d6 65 3c 25 cd a8 db 83 45 d4 52 80 14 c9 48 2c 9d 22 b7 34 1c d5 ce a1 59 97 4f 0c 79 47 a8 8c d0 ac 69 58 45 80 3f 5f 20 3f 58 36 6d a2 44 74 e0 df e6 8c df 32 88 c0 e6 73 56 d3 6d 32 b6 0c d7 6b b6 17 af 41 69 2d 45 d2 f0 07 48 d6 84 bb 64 a2 4b 5e b8 ec e2 9a 12 b3 88 c5 e8 aa 9d 34 f3 bd 6f 0c dc b4 05 2a bb 25 f7 da 45 fc 98 40 36 27 20 d7 02 a2 f2 84 99 f1 29 8f 62 cf 88 00 dc e2 ac 16 a8 55 49 0c 32 42 7f 50 22 3a 17 c3 45 06 94 c0 ab 53 22 1f 3c a7 05 6f a6 2e 4f 4d ce 9b f9 e1 45 b0 2d 3e 64 3a 95 54 06 a2 10 c3 c8 de 90 75 ef d8 88 48 f7 54 28 b6 4f e4 17 0c a5 48 67 be be a6 e0 d4 45 63 ad 8f f1 df e4 2e 6c a2 ce fb 9b c8 61 1e c5 69 88 3f 96 18 fe 1e 53 00 00 20 00 49 44 41 54 1f cf 92 1e dd 66 0c 30 38 23 55 89 8a 12 ea 45 09 c9 db 0d 38
                                                                                        Data Ascii: e<%ERH,"4YOyGiXE?_ ?X6mDt2sVm2kAi-EHdK^4o*%E@6' )bUI2BP":ES"<o.OME->d:TuHT(OHgEc.lai?S IDATf08#UE8
                                                                                        2023-09-15 03:49:53 UTC3687INData Raw: ef c3 98 6c 1f 56 0f 62 ba 81 b7 e1 8e 65 97 e9 9a ca 9c 66 a4 6a 86 1c ed 68 f2 9f 08 3a ff 94 95 3e 87 e0 06 f0 03 46 26 43 aa 95 09 18 ac 0b cd 4f ff c6 89 a0 0a d7 83 ad 11 53 64 71 83 24 51 0d 38 62 ef f8 c0 c3 97 e8 c1 c6 c4 04 8e b5 bd fe d1 7f fe 3b 4a bc 94 f4 5c ae 41 d4 dc 10 66 dc 86 65 05 86 4b e2 b5 87 2b 0b 1c ce 06 86 a9 6c 25 4a 42 c8 93 e4 e5 6f ac 87 19 dc 04 6d 47 65 de c6 7a 52 72 98 b9 e4 99 51 6d 5b 20 0e 5e 30 45 d2 1c 84 7e 2d 36 c6 e5 11 63 68 86 59 2d 8d 32 e6 f2 3a bc b5 e8 8a c6 69 d2 da 6d 85 ce d6 19 31 e2 79 47 63 8d d8 83 c1 d2 43 b8 a6 d6 ba a3 b9 24 03 03 33 e5 6c 92 c9 15 b4 05 82 b0 67 bd 1d 84 80 9d 02 90 53 96 f1 ae c6 8c ae e7 d8 f8 11 02 ad f5 09 9f 7d 8c a9 0d c8 08 b6 2c 66 a2 0a 07 96 1a bc 0e 12 00 00 20 00 49
                                                                                        Data Ascii: lVbefjh:>F&COSdq$Q8b;J\AfeK+l%JBomGezRrQm[ ^0E~-6chY-2:im1yGcC$3lgS},f I
                                                                                        2023-09-15 03:49:53 UTC3692INData Raw: 24 90 98 0b e6 64 28 2e b6 9e 81 37 a9 44 06 54 8a 6c ed c4 3a d9 4c 4d 05 56 b0 39 ad 84 ee 88 77 55 d3 74 da ad 11 cd 31 7c c5 4a 88 fe f4 e5 ef 87 b9 bb d9 e8 ac 1b 3f c7 f9 89 1c bc b7 8a 97 ed 57 b7 76 33 72 df 5c fc 48 75 c7 26 64 61 b3 8a 48 26 ed 30 27 9f 29 8a 78 0c 12 e5 7c ed 09 e2 8e 3c a9 00 4f 4b 38 e2 bf db af e1 1a 10 17 66 2e 1f 36 91 3b d4 3d 7a 05 49 27 2d 4c 4f 53 8a a9 52 5e fa 34 52 26 82 a7 a1 a2 e1 86 f6 0a 56 9c c6 49 e2 58 45 6a 42 1c fa a8 7e 21 a1 bc 4b c9 9b 2e 07 fb ec 92 b4 45 20 6a 09 3d fc 68 ef 6d 16 27 58 15 13 79 92 56 d6 e2 23 3c aa f4 ef e9 ed 74 21 ce e5 2e e4 92 1b ec 78 22 26 bc 9a 8b 37 a3 48 0c 4c 80 78 e7 34 30 25 46 a5 0f b2 ba 19 a7 a8 e4 b0 7d 61 d9 24 d0 f1 1b 85 3b 38 cf 0a 82 b2 fe bd e5 d3 b3 0b d4 54 a1
                                                                                        Data Ascii: $d(.7DTl:LMV9wUt1|J?Wv3r\Hu&daH&0')x|<OK8f.6;=zI'-LOSR^4R&VIXEjB~!K.E j=hm'XyV#<t!.x"&7HLx40%F}a$;8T
                                                                                        2023-09-15 03:49:53 UTC3708INData Raw: 08 82 4f e0 13 34 7c 51 b8 d4 ee e9 d9 dd 6c 13 c6 4f d7 62 e4 ac 3e 37 d8 a9 e2 57 f8 bc 4d 70 58 9b 7b 13 c6 50 d7 45 ed e8 3a e4 ba d1 2f 36 7a 7c 87 0c bb 6d 28 00 bb 5f 5c 43 f4 b2 e0 cb b9 dd 63 02 f9 cb 6f 98 61 0d 3c 03 33 29 5d 0f a9 bb e4 d0 e8 82 1f 3b 35 c7 ee 62 93 a1 ae f4 b2 36 ac 91 8b bd 53 24 93 7c ae f1 b2 96 cf 2f 8a 36 fb 17 2a bf eb 71 b8 bf 2d 53 b9 7c 8f 19 33 a9 5d 93 93 a9 5f 28 6f cb 3f e3 ba fd bf 38 69 36 fb 07 69 bc e6 10 0c bf 1f 14 93 57 44 d2 f2 86 d7 f9 c6 92 8e 12 ca f4 0e 11 24 df 6d 32 6c bf 2c d2 5b b7 8f 17 33 a1 5f 20 93 a1 5d 63 c4 dd 66 64 0a b6 3f 7a 79 8d 4f 73 b7 fa ee e8 44 84 ce 46 3c 11 dd 16 38 bc fe 18 b7 33 75 53 db ef 7b 77 96 bd 0c 1c 3d 46 34 b3 c2 0d 7c 9f ca ae cf 1f 94 8d 6f 0b 8d 0d 5b 3b 38 bf 47
                                                                                        Data Ascii: O4|QlOb>7WMpX{PE:/6z|m(_\Ccoa<3)];5b6S$|/6*q-S|3]_(o?8i6iWD$m2l,[3_ ]cfd?zyOsDF<83uS{w=F4|o[;8G
                                                                                        2023-09-15 03:49:53 UTC3724INData Raw: 3b bd 97 ec cc 9a 54 c2 b7 3a 6d 92 b8 98 1d 17 83 46 1c 68 b8 36 ac 38 7f a6 a5 9a f4 9d 4b 0f cd b0 52 12 ea ce 69 22 b9 af 84 16 00 bc 63 13 80 99 3e 93 e8 d7 6e 46 50 92 a8 13 d0 bf 9f 13 e0 38 99 67 9e 36 3b 03 9c 95 3d 45 b9 ab 61 d5 b9 bc 6f b6 a8 86 a9 66 fc 36 2b 13 9c a9 6c ed 3b 6d 6f 9a 99 bd 67 98 68 56 e5 13 a8 99 99 13 f8 b1 4f 67 ae e8 87 da cb 3d 3c 93 ea 05 64 13 84 bd 3c 91 e8 e8 cb fb 0b 3e 65 20 78 ba 66 b3 b9 d5 ef 1e 50 8e 29 13 d0 1d 6f 85 a8 ec 87 d1 0e 3c 7e 1f 00 b7 24 9b a4 31 e8 33 39 3a 5c e5 3a 35 e6 3b cc 99 43 93 b9 8d ef 12 98 55 4b b2 17 39 e1 28 56 37 e1 33 7b bd e4 1e 3c c8 2b 13 3b 75 6f ec 83 73 1b 01 81 88 77 32 b8 bb 1a 19 1b b5 6f 10 1b b1 6e 12 b4 80 af 67 fc bd 6d 66 b8 92 ec 6f 9c 89 91 66 90 bd 56 57 9c 85 1a
                                                                                        Data Ascii: ;T:mFh68KRi"c>nFP8g6;=Eaof6+l;moghVOg=<d<>e xfP)o<~$139:\:5;CUK9(V73{<+;uosw2ongmfofVW
                                                                                        2023-09-15 03:49:53 UTC3740INData Raw: 0a 40 5e 11 bc 4c 68 ad 39 fc 65 ed 3b 74 90 e1 16 ad 7f 13 9c 4a be 5a 33 67 44 ca b4 36 95 01 b9 6d 6f 10 61 36 a4 33 93 77 60 9b b5 cd 65 28 6b ad e4 e9 cb ab ac 03 ea ea 87 95 0b dd 43 f1 b2 86 94 61 52 6d dc 3f 3d 54 ef 1b f8 98 47 a3 fb f2 e4 11 7f 9d 71 0b 32 77 55 c0 cd bf 42 73 92 ab e5 45 b9 37 37 09 b9 4f 6f 0e 18 a0 1f 37 3c 74 1a 19 64 6c e5 96 58 b0 60 87 79 e0 6b 98 79 6f 66 08 78 e2 ec cb 8e 42 0e 12 f8 bc 31 46 b9 3d 62 8e b0 ba 2d 6d b6 be 4e 05 38 82 6f 67 96 66 1e 05 a9 ad 0b c1 b5 6f 7a 4a a9 b4 9a 19 9e be 9a 19 68 bf 1a c5 32 ae e4 1e aa 65 5c 0e 3c 07 de 9d 40 e6 60 97 3d 0c 0e 99 fc 99 4b 99 28 9d 4d 9b c8 33 60 97 b2 5d 6d 99 be fd 53 32 cc b1 53 4d e8 24 7f 2a b9 1f 1a 1b 29 bd ce 06 99 f0 6c e2 b9 4d fa fd 32 ab eb c1 cc 9f 6e
                                                                                        Data Ascii: @^Lh9e;tJZ3gD6moa63w`e(kCaRm?=TGq2wUBsE77Oo7<tdlX`ykyofxB1F=b-mN8ogfozJh2e\<@`=K(M3`]mS2SM$*)lM2n
                                                                                        2023-09-15 03:49:53 UTC3756INData Raw: b3 7d 6f c2 01 36 9d 3c ba b2 e1 6f 39 bd 6e 90 40 b9 60 9c cb 3c 6f 61 c4 2d 12 66 ff 22 da 8c b3 21 64 00 9c d5 47 e0 b1 19 88 a3 a1 c1 4b d1 a0 8d 65 44 50 0a 36 20 b1 fc 0f b3 40 be 60 96 b7 fe 64 7f 78 b0 bd 07 49 25 e6 57 98 b4 95 73 b6 a2 68 10 a7 ba 73 14 bf 55 06 43 b8 bd 2f f8 96 ea 87 d2 e6 af 4f 28 e0 7e cc 17 f8 d5 cf d0 b4 1c 67 17 24 55 76 b3 b0 9c 53 a1 d0 73 9c 51 ba fc 6f 05 a4 c9 49 98 b5 2c 6d 98 b8 a8 87 20 fe bd 3e 7b 4c 97 6c 92 1d 5d 9f 4c 19 bc 6e 43 50 ff 60 31 9d ad 56 0e 6c ec 19 4f a4 36 52 c2 ba 9f 4b e2 9b ec 87 c3 32 4f 0f 1f 68 9c 68 c0 31 a8 5d 11 4a a8 5a 14 1d 5b de 65 89 bc fe 14 33 be 6f 38 41 36 ae 98 4f 36 95 33 79 54 6d e0 1d ad 12 f2 bb 8d 9c b7 81 a0 fe c4 87 bb 87 7f 4f 84 69 21 ba 8b 69 52 8a bb 5e 12 87 bb 50
                                                                                        Data Ascii: }o6<o9n@`<oa-f"!dGKeDP6 @`dxI%WshsUC/O(~g$UvSsQoI,m >{Ll]LnCP`1VlO6RK2Ohh1]JZ[e3o8A6O63yTmOi!iR^P
                                                                                        2023-09-15 03:49:53 UTC3772INData Raw: 18 e9 4b 17 33 f5 ae 21 46 0f 6d 95 b0 b5 6d 73 3e b5 e4 52 e4 dd 22 33 bb 36 2e 43 e8 5c 6d 43 50 97 b8 74 ba ee 9e 47 b4 44 3b 90 79 1d 6b 42 50 d8 fb 34 e0 b9 be 7d bf c2 3b 26 0b cf 3b 99 bb 36 9c 97 b9 6d 56 93 86 e1 1a 10 7e bb 4f 3c 33 b0 9f 37 18 a7 39 fb b2 ae 7f 4c bb 8d 01 1b 38 83 6f 03 cd 5c ce db 7a 0c 1a 58 d2 9d 40 40 50 8c 25 b7 03 c8 6b 13 33 7e 84 12 f8 d7 41 43 7c 55 72 25 b9 95 d0 db 58 a4 e0 df c9 b3 a5 4c 33 7e 9f 1a 41 ad 8e 04 95 bc ef 1c a8 30 23 1b 44 86 ae 1b cb 9c 09 a2 a0 8e bd 99 c8 bd 6e 99 a8 db 54 c5 cc af 6e a2 b8 be e5 43 ba 30 2b 03 f2 b9 5f 2c 5c fa 7a 42 eb 5d a9 1f b8 e8 5c fe ee ea ea c8 31 ad 03 37 a8 c8 ae 10 98 38 99 17 cc f1 ef 12 9c 38 b4 67 fc ed 3c fb ff 2e 66 74 68 be 08 31 3a 3a 6c 74 73 36 92 98 79 09 7e
                                                                                        Data Ascii: K3!Fmms>R"36.C\mCPtGD;ykBP4};&;6mV~O<379L8o\zX@@P%k3~AC|Ur%XL3~A0#DnTnC0+_,\zB]\1788g<.fth1::lts6y~
                                                                                        2023-09-15 03:49:53 UTC3788INData Raw: 31 b0 43 43 b8 ca 5f 03 ca b5 ee ec 6a 1d 49 28 60 b9 18 31 28 84 92 ec cf a6 56 12 88 2b 18 06 ca ba ec 6f 9c 3d 5f ec cf b1 56 16 2c 3d c5 2b b7 39 ee e3 9d 41 e0 83 19 bb 69 0b 50 47 83 bb 36 de e1 79 b8 d7 67 3f 50 df 1e 9b ec 51 d5 13 9c 81 e2 57 9c 85 3d 9e b8 f1 4b 2b e8 ec 07 0d b3 bd 6f 13 50 a4 83 ec 47 30 47 47 9c f1 6f d3 f0 bc af 5b e8 9d 3e 79 95 55 6c 13 ec 3e ab 39 fc bd 0f 0b b8 dd 7b 13 e4 ad 3d 13 33 a8 6f 65 fc bd 3f 42 30 ef 87 86 b9 db 2b 37 90 bd 43 93 9c ed ce cf d4 fe 6f 13 e8 7d 4b 42 ea ed 87 68 b9 8f 6f a9 79 bd 71 27 e9 36 62 07 b8 dd 6f 43 f2 89 6f 65 a8 b9 19 ca 4b bf 54 5f bb bf 05 13 9e f5 3e 41 ee ea 87 b1 7b bd 7a 90 7c f5 6f 0b a0 bd 77 19 ac bd 78 03 b8 91 3c 46 50 17 ea 10 96 91 6f 06 90 ed ce 1f b9 f2 47 47 9c 95 6f
                                                                                        Data Ascii: 1CC_jI(`1(V+o=_V,=+9AiPG6yg?PQW=K+oPG0GGo[>yUl>9{=3oe?B0+7Co}KBhoyq'6boCoeKT_>A{z|owx<FPoGGo
                                                                                        2023-09-15 03:49:53 UTC3804INData Raw: 47 c8 59 90 85 a9 44 16 78 19 3c 12 33 c8 71 90 50 bd 6f 67 a8 f5 1b 1b f0 c8 7c 13 eb d7 9b f8 b0 ee 05 e6 b8 56 6c 40 d2 4b 90 06 04 bd 5f 50 b8 36 68 9a a4 8d 6f 20 78 e6 84 07 3b 98 03 82 78 f1 6f d4 bd 3c 21 1a b8 3d 2d 4f 70 42 af 4e b8 d0 ef 0e b5 3e 72 46 e9 bd 3e e2 79 45 ec 0e 3d 38 72 14 bc be a9 91 fc 8a ec 2b 47 c9 6d 21 fc a2 1a 0c 8b 7d 44 db b8 c9 7f 5a cc b5 26 66 ab 97 3f 52 a6 ed 2e 0d e8 fa 71 90 b4 cd 5f ec 8b 7d 38 0d b8 81 ac 28 cb fd 73 98 70 3e 8f 0c 78 86 e4 11 b4 bf 54 e5 fc 7c 6b 12 35 3d 6b d2 cc be e4 13 7b 2c 60 32 f9 12 ec 6e a8 bd ae 43 e5 7e 6f ec f5 ad e4 46 b4 36 22 53 b0 c9 79 75 33 bc 6e 5e b6 bd 09 28 ba c8 66 52 f9 ff 6d 51 d8 be 1a f9 b7 0a 6e 1c b8 0a 65 38 79 e0 ac b2 f4 bd 42 55 b8 ee 5c c8 83 7e 6b 66 91 bd 7f
                                                                                        Data Ascii: GYDx<3qPog|Vl@K_P6ho x;xo<!=-OpBN>rF>yE=8r+Gm!}DZ&f?R.q_}8(sp>xT|k5=k{,`2nC~oF6"Syu3n^(fRmQne8yBU\~kf
                                                                                        2023-09-15 03:49:53 UTC3820INData Raw: a8 c8 66 1c 0e b9 ec b3 38 9d 84 11 33 7e 34 13 71 7e 3c 20 63 84 72 8f 39 3d 68 66 a9 42 1b 37 b4 3c 6e 5b 50 92 40 12 f4 e6 ac 13 18 b5 6f 45 ef 85 76 67 eb 36 1b 13 9c a9 57 0d 33 7b 1b 3c 38 37 7f 1c 0e 47 99 94 3b f5 6f 0b 82 ac 1a 1b 32 ed 6e 13 82 ec 6e 67 ad 85 37 12 b8 30 3f 12 cc b0 e4 d1 53 bd 6b 29 a9 c9 6a 53 80 a5 eb 66 69 7d 6f 05 b7 0b 6e 96 88 b1 6a 52 f8 ae 6e 12 cd 0c e5 12 b8 e2 99 cb a3 7d 31 30 79 3d 34 d0 3b 80 47 3d fe 7d ed 3b b3 55 68 52 cf b8 2e 10 7b ec 6f 40 ed eb 38 20 55 3e a4 13 47 d5 53 2a fb bd 5c ec b8 34 42 63 95 fb 6f 9a a5 95 07 5e fc fd 6e 4b f8 bc 87 22 ba 10 2f 7d 48 e4 54 e6 b7 38 7d e5 f8 b3 07 6b b8 b5 90 06 70 bc ee 7a 7b b2 eb 01 ba bd 6f 31 19 3c 6b 98 b5 71 2f 12 d3 7d 4f 2f de 84 42 ad f8 bf 05 12 e8 e7 cc
                                                                                        Data Ascii: f83~4q~< cr9=hfB7<n[P@oEvg6W3{<87G;o2nng70?Sk)jSfi}onjRn}10y=4;G=};UhR.{o@8 U>GS*\4Bco^nK"/}HT8}kpz{o1<kq/}O/B
                                                                                        2023-09-15 03:49:53 UTC3836INData Raw: f5 40 ae f3 b0 be ae ec 1c f8 63 53 ae 56 76 9e 99 b5 ef 1b ba 3d ee 32 de 86 a9 66 ac db 6a d3 3d ab 2f 59 51 5e 91 ec 47 bf d7 13 ef c2 84 1a a3 7d 4c 03 7b f5 84 11 bf 0d 5c d3 81 2f 6a 12 e3 c8 60 17 e2 25 2c 12 db bd 32 d0 33 e8 67 40 ee 37 6f 09 b7 0b a4 1c 0e 4c 99 11 3e bf 5e 67 a6 37 35 12 fa bd eb c8 cc af 60 a5 4b 7c 6f f2 b0 b6 a1 2a f5 b1 1a 13 a8 30 2d ec 53 b6 ea d3 fc 56 6c 52 bb bf e4 d1 f8 b5 1a 3b 7d e3 34 04 16 b5 2f 62 eb 36 6f 4e b0 38 b4 67 ea ee 87 0d 02 3d 69 0b 16 7d 46 13 f3 3d 0a 18 a1 bd a1 96 40 3d 5d d3 77 b5 ef d0 bc fd 07 91 1c 35 32 1b 7e f8 6f 1a 82 7b 2a 19 96 42 7a 09 cc fc c3 01 fc b4 ad 14 47 a8 af 82 fb 6b d8 53 85 7c 6c 64 17 7e c3 51 99 78 c3 43 50 aa 52 22 ee 3a 62 3e ee ce 4d 45 9a b6 3e fb 7b 7f 22 31 ee dc 4c
                                                                                        Data Ascii: @cSVv=2fj=/YQ^G}L{\/j`%,23g@7oL>^g75`K|o*0-SVlR;}4/b6oN8g=i}F=@=]w52~o{*BzGkS|ld~QxCPR":b>ME>{"1L
                                                                                        2023-09-15 03:49:53 UTC3852INData Raw: bb bd 8f 41 bb bd c5 2b 08 bd 3d 23 b8 df 5f 13 ca 8d 6f b9 3a 8d 6f 83 88 bd cb 23 b8 c1 5f 10 d2 7d 1f 13 76 8d 6f f3 89 b3 5f 13 b6 ed 20 10 b8 9b 5f 13 80 8d 6f 59 ed 8d 6f 4d 88 bd 1b 23 b8 33 5f 13 26 e8 5f 13 14 8d 6f a9 88 bd a7 23 b8 65 3a 23 b8 51 5f 13 40 8d 6f 19 48 bb 75 46 88 bd 43 23 b8 81 5f 13 74 0d 68 99 e8 ec 6c 13 dc 0d 6f 65 88 bd e7 46 88 bd cb 23 b8 0d 5f 13 78 8d 6f c1 ed 8d 6f f7 88 bd 95 23 b8 ad 1f 11 a6 e8 5f 13 8c 8d 6f 55 88 bd 39 23 b8 cd 3a 23 b8 a7 5f 17 1a cd 6f af 88 bd a7 46 88 bd 8f 23 b8 57 5f 13 4e 8d 6f 1b ed 0d 6e 7b 88 bd 5b 23 b8 fb 5f 13 ee e8 5f 13 c6 8d 6f 9f 88 bd f5 23 b8 09 44 23 b8 bc 6f 95 88 af fb a7 a3 b8 6c 11 d4 fd 17 70 c8 c4 01 52 b8 99 6b 12 a8 96 2b 61 b8 96 3b 6a 98 cd 0a 52 b8 ca 9e 13 ee d2 3d
                                                                                        Data Ascii: A+=#_o:o#_}vo_ _oYoM#3_&_o#e:#Q_@oHuFC#_thloeF#_xoo#_oU9#:#_oF#W_Non{[#__o#D#olpRk+a;jR=
                                                                                        2023-09-15 03:49:53 UTC3868INData Raw: a1 6d 1c e4 be ce 1b 77 b9 d6 ad 1b e7 d8 6d 25 b2 7a 77 a0 98 6c 78 22 7c ab 13 ee 6a bd 5d 64 cc dd 6b 82 a4 be 62 13 fa 4d 6f ac c8 8b de 8a a8 3e 7f 42 69 b4 0d 35 98 7d 76 12 ac 9a 4f 3e ea 9d 4d 39 96 41 0c 31 50 b9 ee 12 98 bc ab 4a 63 c9 8d 3f 17 7e 64 f0 99 9c 6c ac b1 90 9f 54 c2 6d 6a 6c 0e b4 0b 31 48 8c 0c 11 08 be 0f 12 ba d8 15 1e 19 8d 01 c3 f9 1f 0b 50 ea 9d 23 e9 fe 4d 6b 40 be af 7e 14 69 97 d8 9f ba b8 97 7f dc e2 89 35 ba 15 4f 8a ad bc 1d 11 47 0d 78 51 a8 cc 68 b0 b4 2c 6b a1 ba ac 68 33 86 42 9f 38 6e ff ae 01 48 98 a9 b9 c7 bb 1e 15 da be 4c e0 aa f3 68 33 95 c5 af 43 d7 93 9d 70 08 be 3b 7c 70 1a ac 14 a8 d8 0f 11 47 4d 63 b2 ad ed f3 29 1c ef 27 23 c6 6f 20 22 bc 72 d5 1d 48 d8 74 1b 88 c4 1b 76 28 89 1a 13 70 93 41 3d ed 05 1a
                                                                                        Data Ascii: mwm%zwlx"|j]dkbMo>Bi5}vO>M9A1PJc?~dlTmjl1HP#Mk@~i5OGxQh,kh3B8nHLh3Cp;|pGMc)'#o "rHtv(pA=
                                                                                        2023-09-15 03:49:53 UTC3884INData Raw: 5c 7d 6e 5d f4 f9 6f cb f9 7d 6e 5b f3 fa 6f df 79 be 35 7b f4 bd a7 d7 b9 01 af 12 79 b2 df 46 7c bc cb d3 b9 ed af b5 24 7d 6e 40 08 eb 24 13 34 7d 6e d2 31 3d af 12 18 f6 20 41 b8 cd ab 10 dc 59 6e 91 e8 5d 6f 47 ec f2 6f 3f 5c ac 35 53 5c b3 5f f3 b8 5c 7b 3b 5c a8 43 b1 fb 5c 21 46 b8 a5 8b 13 bc 59 6f 07 40 ff 8c 6e 48 5d 6f 5d f4 ff 2b 13 5c 5f 6e 50 b8 5d 8f 13 e2 ad 27 5b b8 61 8d 13 f1 bd bb 52 58 bd 2c 5b eb bd af f7 ba 11 7a f7 b9 25 8b 10 3c 5f 6e 47 b8 c9 2a f7 b0 dd 8d 1b ed bd 3b f7 b3 f9 78 f1 b8 dd 58 f7 b3 99 8d 13 fa bd 77 02 5a bd 26 13 b0 5f 6f 59 b8 41 4d 52 59 bd 35 13 5c 5f 6f 40 b8 9f a7 f1 b8 e9 6f af 5a bd 28 13 1a 0d 8d 13 ed bd cb f7 b8 29 8f 13 fd 5c cf 97 5a bd 2c 13 c8 5f 6f 5f 0c bd 0f f1 b8 ee 8f 62 db 22 53 f1 b8 35 2c
                                                                                        Data Ascii: \}n]o}n[oy5{yF|$}n@$4}n1= AYn]oGo?\5S\_\{;\C\!FYo@nH]o]+\_nP]'[aRX,[z%<_nG*;xXwZ&_oYAMRY5\_o@oZ()\Z,_o_b"S5,
                                                                                        2023-09-15 03:49:53 UTC3900INData Raw: b8 cf 0b 72 cc dc 6f 13 9b 8a 0f 0c b9 bf 0d 17 aa 56 6b 53 af fd 41 8d c8 5e 6b 71 af dd 77 72 9d bd 79 e3 bc 4d 1d 60 ca de 0f 12 da a0 ee 55 59 b9 91 0b 57 b9 50 0b a7 bd 70 13 a7 bd 70 13 a7 bd 90 0c b8 a2 6f 0c b8 a2 6f 1c b8 b2 6f 1c b8 b6 6f 83 f0 3c 83 6b 98 a6 d6 9b f8 fd 6b fb d7 7d 5d 5b 31 f9 4b 5b 9c 04 3f 73 99 55 0f f7 b8 95 27 93 33 f1 4b 5b 50 9c 6a f0 b8 bd 4f 52 00 bf d3 38 67 f5 ab 98 ec 2e 6e 33 50 da af 10 29 bc ef 73 f9 05 25 b5 69 84 f7 12 1a f0 fb 12 e0 05 02 d3 be db ff 13 30 8d d7 60 2c bd 5d ab ce 29 6f 9f 8c 05 4e 37 29 bd 59 ab ca 29 6f 9f 80 05 8e 3f 29 bd 55 ab 96 29 6f 9f 84 05 5e 2d 29 bd 51 ab d4 29 6f 31 f8 2b 6f 51 8b 7d 0e 13 fc fc fd aa 89 90 2e ab d9 8d d5 19 78 b0 2f 20 71 42 3b 37 e0 dc 67 43 98 f5 e2 47 9c 8d ce
                                                                                        Data Ascii: roVkSA^kqwryM`UYWPppoooo<kk}][1K[?sU'3K[PjOR8g.n3P)s%i0`,])oN7)Y)o?)U)o^-)Q)o1+oQ}.x/ qB;7gCG
                                                                                        2023-09-15 03:49:53 UTC3916INData Raw: e6 1d 53 e2 3e 0c aa 0b 3b 7d 47 21 d9 0c 6d 15 81 e8 67 ff c5 c0 5d 5c a8 bd 1b 7c 59 3f c7 37 ea 55 d2 d1 93 9f a7 57 be ad 97 10 f2 b1 cf d5 7f f8 87 3a 6a a4 2a fb 18 b2 8b b2 b7 36 2d 89 a8 7d 76 f3 99 a7 8c 3b 09 64 48 96 18 c8 72 9e f5 55 3f 11 5c ec 73 3b 33 f5 7f b3 b8 5d 77 07 51 d8 e2 13 8d d7 9f 01 2c 39 e4 42 e0 df 7a 14 88 fe 5a 3d 2c 37 e4 51 e0 42 bf 94 ac f7 be de ab f7 b3 98 ed 61 7e 59 ec c9 51 76 b2 61 be 5a 6c 9d 23 98 e2 f5 8f 19 4c cc 32 85 fc 49 4f 44 cc a7 7b d3 be bc 3b 76 ca 70 90 c2 53 3f b4 62 e1 c7 47 13 cd b7 ad 2e 3c 54 a7 d6 ad e1 e6 5e 68 cd 67 93 3b c7 3b 13 b7 38 c2 46 b9 64 49 2d bf 52 4d 0e d8 b3 7e 31 b4 3f 65 07 3a 4d 5f 17 47 8c cc 42 50 5b 6d e8 da a9 ec 6e 68 bd 1a 47 6d 8a 27 52 48 aa 9f 71 10 d8 5f 16 b8 bf 8b
                                                                                        Data Ascii: S>;}G!mg]\|Y?7UW:j*6-}v;dHrU?\s;3]wQ,9BzZ=,7QBa~YQvaZl#L2IOD{;vpS?bG.<T^hg;;8FdI-RM~1?e:M_GBP[mnhGm'RHq_
                                                                                        2023-09-15 03:49:53 UTC3932INData Raw: b7 78 39 d3 87 1b 39 cc bb 8f 73 51 95 5f ef 52 b9 36 2f c3 bc 3e 8f 03 48 b0 5f bc 30 1f e7 81 80 3c e5 60 a8 db e2 73 7e bd 42 c3 53 61 84 1d a2 b9 4f 71 f8 0d 7a f7 c0 7e 91 07 39 51 de 02 1d ad b8 5a 70 31 4b 8b 49 de 02 86 48 a4 fd 80 ed 1d 6e 73 ed aa cf 40 af 88 7e 18 d0 46 48 04 28 14 7b 10 86 cd c4 53 be 2f 63 60 b9 c3 69 93 c6 5c 7e 33 04 fb 6c d0 a0 f8 6c 4b 87 f6 6c 62 b9 fb 6c c2 b4 5c 67 31 b6 f5 44 6c 39 91 ce 05 f0 22 9f 28 ab b6 a8 8d e9 b9 53 6c c9 a3 0e 0f 0a 8b 57 7c 28 1c ed 0b 6b d1 87 e7 9e 79 6a 28 89 7f 6e 93 a3 ad 6c 9c a3 71 a8 d2 ba 96 ca 7d 28 2d 6d 49 dc a6 ba d2 10 85 29 09 80 ff 75 2b 59 b9 2f 09 0e 85 2c 09 ea d1 1f 50 a2 da 66 57 d9 fc 9e 4c b1 55 ff d0 ed b4 0d b4 ef b4 6b 10 5f f2 66 55 b1 ae 70 92 7c 7c 72 19 8d e6 2a
                                                                                        Data Ascii: x99sQ_R6/>H_0<`s~BSaOqz~9QZp1KIHns@~FH({S/c`i\~3llKlbl\g1Dl9"(SlW|(kyj(nlq}(-mI)u+Y/,PfWLUk_fUp||r*
                                                                                        2023-09-15 03:49:53 UTC3948INData Raw: 8b 74 87 bf 94 40 cc 1a 60 ad 6b 40 de 2c 6f c3 b3 2f ca 15 be 28 6e 32 f4 be 75 c3 fd bf 87 13 fd 32 5f 66 9f fc d6 c2 b6 ad 07 5b 7f db ad c2 b7 ce 60 fc 80 ff 6a f4 28 07 fd 21 bc 8e cf 1b 48 be 0f 2e 98 ab 05 0d ac bc 0f 02 b9 f3 7f 12 ff ba 73 fe 3a 8f fb d1 ba 6c 62 b3 68 b0 b8 12 59 e6 a4 91 e9 69 6e 91 68 bc d5 31 78 bd 65 08 02 1d ae 0e 96 96 a7 d3 f1 77 62 91 8c 2a 7e 40 b9 75 87 2b 28 b9 2e ab a8 82 5d 3a 68 ba 9a 95 cb 85 3e d0 fa c0 27 78 9e 7d 1d 12 db a7 eb 12 69 b7 ec eb 00 87 1b 5a 67 bc bb 12 38 a1 43 02 bd 5a ae 00 09 bc 8e 3b 50 66 2e 1e fe b3 2b 12 38 0b 24 13 b8 56 77 5b 08 27 81 b1 da bc 5d 04 2a bc c3 21 a8 8a 6b 72 92 c1 87 84 f4 bc 3e 39 4a ad 98 02 2c bf 32 1c 38 b8 7e 96 4e b4 be 1e b7 0a 6b 12 51 ed 4c 97 34 cd 6e ab 38 30 fd
                                                                                        Data Ascii: t@`k@,o/(n2u2_f[`j(!H.s:lbhYinh1xewb*~@u+(.]:h>'x}iZg8CZ;Pf.+8$Vw[']*!kr>9J,28~NkQL4n80
                                                                                        2023-09-15 03:49:53 UTC3964INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                        Data Ascii:


                                                                                        Statistics

                                                                                        CPU Usage

                                                                                        Click to jump to process

                                                                                        Memory Usage

                                                                                        Click to jump to process

                                                                                        High Level Behavior Distribution

                                                                                        Click to dive into process behavior distribution

                                                                                        Behavior

                                                                                        Click to jump to process

                                                                                        System Behavior

                                                                                        General

                                                                                        Target ID:0
                                                                                        Start time:05:49:49
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Users\user\Desktop\VqBVE8dJEA.exe
                                                                                        Imagebase:0x400000
                                                                                        File size:3'742'080 bytes
                                                                                        MD5 hash:297DC90D62648D3F034DB5EBB2E583F7
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:1
                                                                                        Start time:05:49:54
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                                                                                        Imagebase:0x400000
                                                                                        File size:1'756'232 bytes
                                                                                        MD5 hash:BA699791249C311883BAA8CE3432703B
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Antivirus matches:
                                                                                        • Detection: 0%, ReversingLabs
                                                                                        • Detection: 0%, Virustotal, Browse
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:2
                                                                                        Start time:05:49:54
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Windows\System32\pcaui.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To function properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                                                                                        Imagebase:0x7ff7df150000
                                                                                        File size:155'136 bytes
                                                                                        MD5 hash:54CE7125F4149F2BA28ED251E51794E4
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:3
                                                                                        Start time:05:49:54
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                        Imagebase:0xc30000
                                                                                        File size:232'960 bytes
                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000003.00000002.246155492.00000000036F0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:4
                                                                                        Start time:05:49:54
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6bab10000
                                                                                        File size:625'664 bytes
                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:6
                                                                                        Start time:05:50:13
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Windows\SysWOW64\explorer.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\explorer.exe
                                                                                        Imagebase:0x1000000
                                                                                        File size:3'611'360 bytes
                                                                                        MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000006.00000002.310064498.0000000000454000.00000002.00000001.01000000.00000000.sdmp, Author: unknown
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:9
                                                                                        Start time:05:50:14
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\AppData\Roaming\wininet\ManyCam.exe"
                                                                                        Imagebase:0x400000
                                                                                        File size:1'756'232 bytes
                                                                                        MD5 hash:BA699791249C311883BAA8CE3432703B
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:10
                                                                                        Start time:05:50:14
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Windows\System32\pcaui.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To function properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\wininet\ManyCam.exe
                                                                                        Imagebase:0x7ff7df150000
                                                                                        File size:155'136 bytes
                                                                                        MD5 hash:54CE7125F4149F2BA28ED251E51794E4
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:11
                                                                                        Start time:05:50:15
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                        Imagebase:0xc30000
                                                                                        File size:232'960 bytes
                                                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000000B.00000002.277689055.0000000005D20000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:12
                                                                                        Start time:05:50:15
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                        Wow64 process (32bit):false
                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                        Imagebase:0x7ff6bab10000
                                                                                        File size:625'664 bytes
                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        General

                                                                                        Target ID:13
                                                                                        Start time:05:50:23
                                                                                        Start date:15/09/2023
                                                                                        Path:C:\Windows\SysWOW64\explorer.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:C:\Windows\SysWOW64\explorer.exe
                                                                                        Imagebase:0x1000000
                                                                                        File size:3'611'360 bytes
                                                                                        MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                                                                        Has elevated privileges:false
                                                                                        Has administrator privileges:false
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000000D.00000002.341504013.0000000000454000.00000002.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000000D.00000002.341504013.0000000000454000.00000002.00000001.01000000.00000000.sdmp, Author: unknown
                                                                                        Reputation:low
                                                                                        Has exited:true

                                                                                        Disassembly

                                                                                        Reset < >

                                                                                          Non-executed Functions

                                                                                          Function 0052309D Relevance: 22.8, APIs: 9, Strings: 4, Instructions: 70memorylibraryloaderCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0
                                                                                          • LoadLibraryA.KERNEL32(kernel32.dll,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 005230BA
                                                                                          • GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 005230D4
                                                                                          • GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 005230E1
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000008,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523113
                                                                                          • HeapAlloc.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523116
                                                                                          • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 0052312A
                                                                                          • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523136
                                                                                          • HeapFree.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523139
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
                                                                                          • String ID: Ogt$InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
                                                                                          • API String ID: 3830925854-378825147
                                                                                          • Opcode ID: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
                                                                                          • Instruction ID: 6a309bd71f26a8b6476057eaf9253ffddd2ea6d6ddf4b4a8f55772e675858cee
                                                                                          • Opcode Fuzzy Hash: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
                                                                                          • Instruction Fuzzy Hash: 7E11B276610228AFE7209F69FC899177FACFF66B51B008419F605C3250D7389814EB60
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00523722 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0052439E
                                                                                          • _crt_debugger_hook.MSVCR80(00000001), ref: 005243AB
                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005243B3
                                                                                          • UnhandledExceptionFilter.KERNEL32(00575E58), ref: 005243BE
                                                                                          • _crt_debugger_hook.MSVCR80(00000001), ref: 005243CF
                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 005243DA
                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 005243E1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
                                                                                          • String ID: !ME
                                                                                          • API String ID: 3369434319-2242867602
                                                                                          • Opcode ID: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
                                                                                          • Instruction ID: 39ba21fb788a80fe4ca9cc942bdb85b36a6e35659692cabfea893639d5bd73cc
                                                                                          • Opcode Fuzzy Hash: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
                                                                                          • Instruction Fuzzy Hash: 9521B0B4901214DFE700DF69FD4E6457BB4FB2A308F10441AF508877A0E7B0568DAF15
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00488A00 Relevance: 7.6, APIs: 5, Instructions: 63COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • FindResourceW.KERNEL32(00000000,0047AE1E,00000006,?,0047AE1E), ref: 00488A3B
                                                                                          • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A4A
                                                                                          • SizeofResource.KERNEL32(00000000,00000000,?,0047AE1E), ref: 00488A5A
                                                                                          • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A67
                                                                                          • GetLastError.KERNEL32(000000FF,00000000,00000000,00000000,00000000,00000000,?,0047AE1E), ref: 00488AA8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$Resource$FindSizeof
                                                                                          • String ID:
                                                                                          • API String ID: 1187693681-0
                                                                                          • Opcode ID: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
                                                                                          • Instruction ID: c0cef2afab0bd7fe4f68a4e2e270c34d254ae90ade39b42375e279ad05fcd0b3
                                                                                          • Opcode Fuzzy Hash: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
                                                                                          • Instruction Fuzzy Hash: 13215EB490410CAFDF04EFA8C894AAEBBB5AF58304F50855EF516E7380DB349A40DBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B7920 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetLastError.KERNEL32(?,0050F176,00000000,?,?,?,?,?,?,3D2007F9), ref: 004B7929
                                                                                          • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000400,00000000,00000000,00000000), ref: 004B7951
                                                                                            • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                            • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                          • GlobalFree.KERNEL32 ref: 004B797D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorFormatFreeGlobalLastMessagefflushfwprintf
                                                                                          • String ID: Error %lu(%XH): %s
                                                                                          • API String ID: 800684769-2225916613
                                                                                          • Opcode ID: 9c25a239c4296b40a1aac8e3427c21774919ee94bcf497bff91ff5139ac85dd7
                                                                                          • Instruction ID: 92133e916cea4efcc1403b83aedde9febef4d0811e6201f309352de0de206619
                                                                                          • Opcode Fuzzy Hash: 9c25a239c4296b40a1aac8e3427c21774919ee94bcf497bff91ff5139ac85dd7
                                                                                          • Instruction Fuzzy Hash: 42F0AFB9E40208BBE714DBD4DC46F9EBB78AB58701F104159FB04A7280D7B06A45DBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004164A0 Relevance: 6.1, APIs: 4, Instructions: 97filestringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416650: FindClose.KERNEL32(55C35DE5,00000000,?,004164B1,00000000,000001E2,-0000012B), ref: 00416686
                                                                                          • lstrlenW.KERNEL32(00000000,00000000,000001E2), ref: 004164C4
                                                                                          • FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                          • GetFullPathNameW.KERNEL32(00000000,00000104,?,00000000), ref: 0041652C
                                                                                          • SetLastError.KERNEL32(0000007B), ref: 0041654D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$CloseErrorFileFirstFullLastNamePathlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 333540133-0
                                                                                          • Opcode ID: 171f62d7d2e46f7442e9afe65942f367c9dc7a9140c3c81f7060891864299191
                                                                                          • Instruction ID: f4e42fcc4f8ec7ae6713741ac17fac935eec9a5453ba0a6ca1ec1d98cf041219
                                                                                          • Opcode Fuzzy Hash: 171f62d7d2e46f7442e9afe65942f367c9dc7a9140c3c81f7060891864299191
                                                                                          • Instruction Fuzzy Hash: 8E413AB0A00219AFDB00DFA4DC84BEE77B2BF44305F11856AE515AB385C778D984CB98
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004170D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Versionmemset
                                                                                          • String ID: Z
                                                                                          • API String ID: 3136939366-1505515367
                                                                                          • Opcode ID: 516b4f2a042728e0f0f59f6a94ebabed824618c26df89cb6cf625fad9862a033
                                                                                          • Instruction ID: 947a03641c50d36fa0e939df1043f0996d18235827ec97ca73ee9231d218b9cc
                                                                                          • Opcode Fuzzy Hash: 516b4f2a042728e0f0f59f6a94ebabed824618c26df89cb6cf625fad9862a033
                                                                                          • Instruction Fuzzy Hash: 63017C7094522C9BDF28CF60DD0A7D8B7B4AB0A305F0001EAD54926381DB785BD8CF89
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00523077 Relevance: 4.5, APIs: 2, Strings: 1, Instructions: 12memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,00416AB4,00523168,00416AB4,0041507C,00415062,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 00523087
                                                                                          • HeapFree.KERNEL32(00000000,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 0052308E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Heap$FreeProcess
                                                                                          • String ID: Ogt
                                                                                          • API String ID: 3859560861-2271539866
                                                                                          • Opcode ID: 441a53b93ebf16eed188891ea13d12f94a6ae03e7d81ddeafca47d4340301828
                                                                                          • Instruction ID: f319b3c51e495ac70aa74a2a88efa86c29433e891e0bee9a04cda8eb8d13ba05
                                                                                          • Opcode Fuzzy Hash: 441a53b93ebf16eed188891ea13d12f94a6ae03e7d81ddeafca47d4340301828
                                                                                          • Instruction Fuzzy Hash: D1D00274914214AFDE11ABA8AE8EA493B7ABF65702F504840F216D61A1D7399848FA21
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050EC90 Relevance: 4.0, APIs: 3, Instructions: 229COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: a7a71dcc478b47e40df8151f770de63c075e4e3c067fe5a625892b148f8ef34b
                                                                                          • Instruction ID: b9a8476a3ded02214ffd1c961f0993893401f5a1c5ac13666dc1643a7a7c18ad
                                                                                          • Opcode Fuzzy Hash: a7a71dcc478b47e40df8151f770de63c075e4e3c067fe5a625892b148f8ef34b
                                                                                          • Instruction Fuzzy Hash: 5DB1FA7460424ADFCB04CF44C5959AEBBB2FF45344F248A99E8595B392C332EE52DF90
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B2100 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104comCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • CoCreateInstance.OLE32(?,00000000,00000001,00571980,00000000,?,?,0056F520,3D2007F9,?,?,?,?,00000000,005334CC,000000FF), ref: 004B21C6
                                                                                          Strings
                                                                                          • CGraphMgr::AddFilterByCLSID name=%s, xrefs: 004B214A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$CreateInstanceclock
                                                                                          • String ID: CGraphMgr::AddFilterByCLSID name=%s
                                                                                          • API String ID: 918117742-3942708501
                                                                                          • Opcode ID: 80f2d3ddaa8d4aa783709a640ee3d22423abe0e31a3af0e214f939dcddfe5315
                                                                                          • Instruction ID: 6627f4356a5c181cec56012d4899b026b21b0b7ca21db5bf76fe668c849b38a9
                                                                                          • Opcode Fuzzy Hash: 80f2d3ddaa8d4aa783709a640ee3d22423abe0e31a3af0e214f939dcddfe5315
                                                                                          • Instruction Fuzzy Hash: C2411C75900209EFDB08DF98D984BEEB7B4FB08314F10865EE815A7390DB74AA01CB64
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00419920 Relevance: 88.0, APIs: 45, Strings: 5, Instructions: 463COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                            • Part of subcall function 00418B80: CreateSolidBrush.GDI32(3D2007F9), ref: 00418B8B
                                                                                          • FillRect.USER32 ref: 004199CF
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00419A41
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000), ref: 00419A5D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419A8A
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AA9
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419ABD
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AD9
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AFB
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B10
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B22
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419B34
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419B58
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B7A
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B96
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419BB8
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419BE3
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419BF8
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419C14
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419C28
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419C3F
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419C5D
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419C7F
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419C9E
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419CC1
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419CEE
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419D0D
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419D21
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419D40
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419D55
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419D75
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419D8A
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419D9C
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419DAE
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419DC5
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419DE5
                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00419E09
                                                                                          • GetTextColor.GDI32(00000000), ref: 00419E18
                                                                                          • SetTextColor.GDI32(00000000,0096681D), ref: 00419E2C
                                                                                          • memset.MSVCR80 ref: 00419ED8
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00419F18
                                                                                          • memset.MSVCR80 ref: 00419F6A
                                                                                          • memset.MSVCR80 ref: 00419FB1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$Height@Width@$C__@@Draw@T@@_Utag$memset$ColorRectText$BrushClientCreateFillModeObjectSelectSolid
                                                                                          • String ID: %$Border$Clip Line$F$Tahoma
                                                                                          • API String ID: 2569125150-2632024743
                                                                                          • Opcode ID: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
                                                                                          • Instruction ID: 6acad93585106d0d29ca26f9a2d8656a706cc7dc15e340c93166a7cfeebd7e9c
                                                                                          • Opcode Fuzzy Hash: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
                                                                                          • Instruction Fuzzy Hash: 5F226E709041199FEF18EB68CCA9BEEB7B8FF54304F1441ADE10AA7291DB742A85CF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00512040 Relevance: 67.0, APIs: 29, Strings: 9, Instructions: 499memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                            • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                                            • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,00000001,\ManyCam,00000000,00569E94,?,00569E90,?,00569E8C,?,00000000,00000000), ref: 0051221A
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051222B
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00512251
                                                                                            • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                                            • Part of subcall function 004CC140: wcscpy_s.MSVCR80 ref: 004CC168
                                                                                            • Part of subcall function 004CC140: SHFileOperationW.SHELL32(00000000), ref: 004CC1BD
                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,NewEffect,00569EAC,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,3D2007F9), ref: 00512270
                                                                                          • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569ED4,640x480,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 005122D0
                                                                                          • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569EE8,352x288,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 0051234A
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,3D2007F9), ref: 00512372
                                                                                          • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,3D2007F9), ref: 00512383
                                                                                          • ?SetRetreiveAllFrames@CxImage@@QAEX_N@Z.CXIMAGECRT(00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,3D2007F9), ref: 00512390
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,3D2007F9), ref: 005123A6
                                                                                          • ~_Mpunct.LIBCPMTD ref: 005123C8
                                                                                            • Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
                                                                                            • Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB
                                                                                          • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,3D2007F9), ref: 005123F6
                                                                                          • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C), ref: 00512474
                                                                                          • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,00000002,3D2007F9), ref: 005124F5
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,3D2007F9), ref: 0051250B
                                                                                          • ?GetFrameDelay@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,3D2007F9), ref: 00512516
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000), ref: 005125AD
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000), ref: 005125B6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$AllocatorDebugHeap$CreateDirectoryFrames@$Frame@Load@$Delay@DestroyDestroy@FileFolderFrameHeight@MpunctOperationPathRetreiveSpecialWidth@_wmkdirwcscpy_s
                                                                                          • String ID: .mce$352x288$640x480$InternalProperties$NewEffect$\ManyCam$blocked=0type_id=%dcategory_name=%screator_info=preview=%s$preview.jpg$preview.jpg
                                                                                          • API String ID: 2719232945-3254136489
                                                                                          • Opcode ID: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                                          • Instruction ID: 9b3459efdfe137e0bd21340dd663e66a4f958181f4942486322fc66185ab85f6
                                                                                          • Opcode Fuzzy Hash: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                                          • Instruction Fuzzy Hash: D43219B19002599BDB24EB65CC95BEEBBB8BF44304F0041EDE509A7282DB746F84CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004FE9C0 Relevance: 63.2, APIs: 19, Strings: 17, Instructions: 153memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA15
                                                                                            • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA2B
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA41
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA57
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA6D
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA83
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA99
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEAAF
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEACA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEAE0
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEAF6
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB0C
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB22
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB38
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB4E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB64
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB90
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB9C
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,00000000,data\effect_data\dateTime\,?,?,3D2007F9), ref: 004FEBB2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: clock_analog_black.png$clock_analog_blue.png$clock_analog_green.png$clock_analog_orange.png$clock_analog_pink.png$clock_analog_violet.png$clock_analog_white.png$clock_analog_yellow.png$clock_digital_black.png$clock_digital_blue.png$clock_digital_green.png$clock_digital_orange.png$clock_digital_pink.png$clock_digital_violet.png$clock_digital_white.png$clock_digital_yellow.png$data\effect_data\dateTime\
                                                                                          • API String ID: 1315443971-1631216271
                                                                                          • Opcode ID: 747f7d782d11fa2e0d7beee0116b0fc85c130efa3bd3a1f2cfbfa411f50ad014
                                                                                          • Instruction ID: 9f3b7328a67c5534ac5b9426a16a074336d8bfd3d1576c03120503d92f7e5980
                                                                                          • Opcode Fuzzy Hash: 747f7d782d11fa2e0d7beee0116b0fc85c130efa3bd3a1f2cfbfa411f50ad014
                                                                                          • Instruction Fuzzy Hash: AE512B30D0020ADBCB14EB91C952AFFB771BB1170AF61446EE121371E1DB79AD49CB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00409060 Relevance: 54.7, APIs: 22, Strings: 9, Instructions: 435COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                            • Part of subcall function 00418B80: CreateSolidBrush.GDI32(3D2007F9), ref: 00418B8B
                                                                                          • FillRect.USER32 ref: 0040910F
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00409152
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040917C
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409191
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091BC
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091DB
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409212
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409231
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040924D
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409269
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000), ref: 00409287
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000), ref: 004092A3
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006), ref: 004092C4
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,005952B0,00000000,00000000,00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8), ref: 004092E7
                                                                                          • memset.MSVCR80 ref: 00409647
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00409676
                                                                                          • SetTextColor.GDI32(00000000,00945121), ref: 0040968D
                                                                                            • Part of subcall function 00415F90: CopyRect.USER32 ref: 00415F9F
                                                                                          • DrawTextW.USER32(00000000,00000000,00000000,00000018,00000020), ref: 004096E4
                                                                                          • SelectObject.GDI32(00000000,?), ref: 004096F9
                                                                                          • GetWindowRect.USER32 ref: 0040971D
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,000000FF,000000FF,00000000,00000000,?), ref: 0040974D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,000000FF,000000FF,00000000,00000000,?), ref: 00409770
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@Utag$T@@_$Width@$Rect$Height@$ObjectSelectText$BrushClientColorCopyCreateDrawFillSolidU3@_Windowmemset
                                                                                          • String ID: ,$Category:$Created by:$Name:$Select Resource File:$Tahoma$Type:$]$k
                                                                                          • API String ID: 333958392-4118964679
                                                                                          • Opcode ID: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                                          • Instruction ID: c7ad2873c58e454c86f9403bdf801017c004aeaca137986ed775093af6690a25
                                                                                          • Opcode Fuzzy Hash: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                                          • Instruction Fuzzy Hash: 1712F970900258DFEB24EB64CC59BEEBB74AF55308F1081E9E10A7B291DB746E88CF55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004DFB90 Relevance: 53.0, APIs: 17, Strings: 13, Instructions: 467memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DFBF8
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DFCA8
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DFD09
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DFD20
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DFD4C
                                                                                          • ??2@YAPAXI@Z.MSVCR80 ref: 004DFDA6
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DFDDA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$??2@
                                                                                          • String ID: Avatars$Avatars$Backgrounds$Backgrounds$Backgrounds$Face accessories$Face accessories$Face accessories$Objects$Objects$Objects$Text over video$mce;png;gif;bmp;jpg
                                                                                          • API String ID: 1120120259-206835408
                                                                                          • Opcode ID: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
                                                                                          • Instruction ID: 863c393ab99b281b1a89dc60ed5188a45fcf53b181839f16f77b3e1b5f5f418e
                                                                                          • Opcode Fuzzy Hash: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
                                                                                          • Instruction Fuzzy Hash: B5222BB0D023589ADB64DB69CD45BDEBBB5AB49304F0041DEE009B7282DB745F84CF96
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041FEC0 Relevance: 52.8, APIs: 35, Instructions: 281COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                            • Part of subcall function 00418B80: CreateSolidBrush.GDI32(3D2007F9), ref: 00418B8B
                                                                                          • FillRect.USER32 ref: 0041FF4E
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 0041FF79
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000), ref: 0041FF88
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFA8
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFC4
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFD5
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFE4
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420003
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420015
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00420024
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00420033
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00420054
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420066
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042007F
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00420094
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 004200AF
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004200C1
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004200DA
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004200EB
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004200FF
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 0042011A
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0042012C
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042013B
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0042014E
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 0042016B
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420187
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00420198
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004201A7
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004201B9
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 004201D6
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004201E8
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004201F7
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00420206
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0042021A
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00420237
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$Height@Width@$C__@@Draw@T@@_Utag$Rect$BrushClientCreateFillSolid
                                                                                          • String ID:
                                                                                          • API String ID: 3081667405-0
                                                                                          • Opcode ID: e5508424702d3637028a52f75ed04034ea68152d49e61552c755e5592890112e
                                                                                          • Instruction ID: 1c2bfeca7ff6b3ab6ad25faf3ba119e10400a5b9e5fd5cc21205db22d06f93b4
                                                                                          • Opcode Fuzzy Hash: e5508424702d3637028a52f75ed04034ea68152d49e61552c755e5592890112e
                                                                                          • Instruction Fuzzy Hash: 9FB1CF71E00109ABDB08FBD8CCA5BFEB779EF84304F14412DA216B7295DF242959CB65
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00473AC0 Relevance: 40.5, APIs: 8, Strings: 15, Instructions: 263memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • wcsncpy.MSVCR80 ref: 00473B72
                                                                                            • Part of subcall function 004749C0: List.LIBCMTD ref: 004749CA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00473BDF
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00473BF7
                                                                                          • wcsncpy.MSVCR80 ref: 00473C23
                                                                                          • _wtoi.MSVCR80 ref: 00473C46
                                                                                          • _wtoi.MSVCR80 ref: 00473CA8
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00473CE4
                                                                                          • memcpy.MSVCR80(00000000,?,00000004,?,?,?,color,font-weight,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473D09
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$_wtoiwcsncpy$Listmemcpy
                                                                                          • String ID: Tahoma$bold$bottom$center$color$font-family$font-size$font-weight$left$middle$normal$right$text-align$top$vertical-align
                                                                                          • API String ID: 2887013889-1516497678
                                                                                          • Opcode ID: 788e32562ee1b3e60529b53916602aee49f0928f9813a148764b4366f98aa258
                                                                                          • Instruction ID: 2ca92ed9edc0e43fd755dbe637c67a1d90932da1e7afedfaae36012b12e5aafe
                                                                                          • Opcode Fuzzy Hash: 788e32562ee1b3e60529b53916602aee49f0928f9813a148764b4366f98aa258
                                                                                          • Instruction Fuzzy Hash: 8DB17470600109DFDB04DF65D991AEEBBB4BF14305F10845EE80577392EB38EA59CB65
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004F6BD0 Relevance: 38.7, APIs: 15, Strings: 7, Instructions: 165fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,Dynamic), ref: 004F6C39
                                                                                          • GetFileSize.KERNEL32(000000FF,00000000), ref: 004F6C72
                                                                                          • CloseHandle.KERNEL32(000000FF), ref: 004F6C83
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,?,Dynamic), ref: 004F6CD4
                                                                                          Strings
                                                                                          • You have selected an image with the dimension larger than 3000x2000., xrefs: 004F6DDB
                                                                                          • You have selected a file with the size larger than 3Mb., xrefs: 004F6D24
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 004F6C48
                                                                                          • The file size is larger than the maximum allowed (10 Mb)., xrefs: 004F6C89
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 004F6D81
                                                                                          • Dynamic, xrefs: 004F6C05
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 004F6CE3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$Create$AllocatorCloseDebugHandleHeapSize
                                                                                          • String ID: Dynamic$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The file size is larger than the maximum allowed (10 Mb).$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                                          • API String ID: 1944681888-4013501048
                                                                                          • Opcode ID: db53ed9e86c52f9cf1fd276464b43294e0c4f6e7b9bf3ea5ce6500d8ea47b909
                                                                                          • Instruction ID: 602c555bb4c1e2a523d70d8c740280473e2c328c7d9138f782ffa9abfa287272
                                                                                          • Opcode Fuzzy Hash: db53ed9e86c52f9cf1fd276464b43294e0c4f6e7b9bf3ea5ce6500d8ea47b909
                                                                                          • Instruction Fuzzy Hash: 27613C70A00258ABDB14EF54DC96BEEBB75FB40314F50465AF91AAB2D0CB34AF81DB44
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00420D30 Relevance: 37.7, APIs: 25, Instructions: 218windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Color$Rect$BrushCreateDeleteObjectSolidText$Fill$DrawFocusFrameModewcslen
                                                                                          • String ID:
                                                                                          • API String ID: 2925841201-0
                                                                                          • Opcode ID: 26bd2938b346416d1ad719aebc76d141ac748537c15b6b170e29b0edcf1e6a47
                                                                                          • Instruction ID: 66e9c8a567400198a530f2ea5b8cee96818a293c6e558f9a1399f5342b62ddb8
                                                                                          • Opcode Fuzzy Hash: 26bd2938b346416d1ad719aebc76d141ac748537c15b6b170e29b0edcf1e6a47
                                                                                          • Instruction Fuzzy Hash: 36A1BAB5A00208DFDB08CFD8D9989AEBBB5FF9C310F108119EA19AB355D734A945DF90
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004DF9D0 Relevance: 36.8, APIs: 11, Strings: 10, Instructions: 100COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Backgrounds$Dynamic$Eyebrow$Eyeglasses$Face$Face accessories$Hair$Hats$Objects$Static
                                                                                          • API String ID: 0-1997589367
                                                                                          • Opcode ID: 901aaf5dd029739a1d3c8ae11e8e018cde442a6ffa83023b5c9d53f9021075d0
                                                                                          • Instruction ID: 0d5221454f0c8e7e8b894d99aff3531fa54f2736b105361686d27a0df3d4384b
                                                                                          • Opcode Fuzzy Hash: 901aaf5dd029739a1d3c8ae11e8e018cde442a6ffa83023b5c9d53f9021075d0
                                                                                          • Instruction Fuzzy Hash: AC413B30A042199BCB25DF14D8A5BAB7761BB41708F1405BBB41A5B3D0CB79AEC9CB89
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041EA80 Relevance: 35.3, APIs: 16, Strings: 4, Instructions: 259windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0041EAEF
                                                                                          • FillRect.USER32 ref: 0041EB03
                                                                                          • LoadIconW.USER32(00000000,00000087), ref: 0041EB51
                                                                                          • DrawIconEx.USER32 ref: 0041EB75
                                                                                          • DeleteObject.GDI32(?), ref: 0041EB7F
                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 0041EBB2
                                                                                          • GetTextColor.GDI32(00000000), ref: 0041EBC1
                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 0041EBD2
                                                                                          • memset.MSVCR80 ref: 0041EC7C
                                                                                            • Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0041ECBC
                                                                                          • memset.MSVCR80 ref: 0041ECE8
                                                                                          • memset.MSVCR80 ref: 0041ED12
                                                                                          • memset.MSVCR80 ref: 0041ED3C
                                                                                          • wcslen.MSVCR80 ref: 0041EDE0
                                                                                          • DrawTextW.USER32(00000000,?,00000000), ref: 0041EE04
                                                                                          • SelectObject.GDI32(00000000,?), ref: 0041EE1C
                                                                                          Strings
                                                                                          • Please confirm that ManyCam has permission to add this codec to your computer., xrefs: 0041ECF5
                                                                                          • To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer., xrefs: 0041ECCD
                                                                                          • For more information please visit , xrefs: 0041ED1F
                                                                                          • Verdana, xrefs: 0041EC42
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: memset$ColorObjectText$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
                                                                                          • String ID: For more information please visit $Please confirm that ManyCam has permission to add this codec to your computer.$To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer.$Verdana
                                                                                          • API String ID: 744489110-1759026381
                                                                                          • Opcode ID: 58b7292fdbef0849fd6a32aea5d5f1962e852a66df7108f83bd5b60b6f2a3ebe
                                                                                          • Instruction ID: 8647ecc2d404d113b85be19741f6e1cb79f34e612718a269b33a6944d2f87c5b
                                                                                          • Opcode Fuzzy Hash: 58b7292fdbef0849fd6a32aea5d5f1962e852a66df7108f83bd5b60b6f2a3ebe
                                                                                          • Instruction Fuzzy Hash: 00C147B0D00219DBDB14CF94DC94BEEBBB9BF54304F1081AAE509AB381DB746A89CF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402130 Relevance: 33.7, APIs: 16, Strings: 3, Instructions: 433COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvError.CXCORE099(000000FB,cvCylDrawCylinder,Invalid parameter.,.\src\cylaux.cpp,0000009A), ref: 00402670
                                                                                            • Part of subcall function 00405340: cvSet.CXCORE099(?,?,?,?,00000000,0040217B), ref: 0040535D
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 004021A7
                                                                                          • _CIcos.MSVCR80 ref: 004021DD
                                                                                          • _CIsin.MSVCR80 ref: 004021EA
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 0040225F
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 004022C4
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402325
                                                                                          • _CIsqrt.MSVCR80 ref: 004023DC
                                                                                          • _CIsqrt.MSVCR80 ref: 004023F7
                                                                                          • _CIacos.MSVCR80 ref: 00402431
                                                                                          • cvSet2D.CXCORE099(?,?,?), ref: 00402488
                                                                                          • _CIcos.MSVCR80 ref: 004024E9
                                                                                          • _CIsin.MSVCR80 ref: 00402517
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402559
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 004025DA
                                                                                          • cvLine.CXCORE099(?,?,?,?,?), ref: 0040264C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: IcosIsinIsqrt$ErrorIacosLineSet2
                                                                                          • String ID: .\src\cylaux.cpp$Invalid parameter.$cvCylDrawCylinder
                                                                                          • API String ID: 3689646513-1738803442
                                                                                          • Opcode ID: 8deb28bca9f0b0be666a0c88b69cf3ae356be30c15ac8f98f76c123cc54bb843
                                                                                          • Instruction ID: ee0604925432baceefbd38c3e5584ac40f80a2529fa49fd9d4d055b72c52293a
                                                                                          • Opcode Fuzzy Hash: 8deb28bca9f0b0be666a0c88b69cf3ae356be30c15ac8f98f76c123cc54bb843
                                                                                          • Instruction Fuzzy Hash: C8F1A171A05601DBD304AF60D989696BFF0FF84780F614D88E5D4672A9EB3198B4CFC6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004018D0 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 298COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to tracker context.,.\src\cyltracker.cpp,00000223,?,?,?), ref: 004018F9
                                                                                          • cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to head config structure.,.\src\cyltracker.cpp,00000226,?,?,?), ref: 00401925
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Error
                                                                                          • String ID: .\src\cyltracker.cpp$Null pointer to head config structure.$Null pointer to tracker context.$cvCylGetModelPosition
                                                                                          • API String ID: 2619118453-1894096719
                                                                                          • Opcode ID: 94b001c55bfdf0bd65362a55d97ec9160b4cac4fd4508785464b6c2c950edd66
                                                                                          • Instruction ID: 9f04fb016eb92f5e31f0ef4e1e4ba15881229676976377827f4aa03fecfd0c42
                                                                                          • Opcode Fuzzy Hash: 94b001c55bfdf0bd65362a55d97ec9160b4cac4fd4508785464b6c2c950edd66
                                                                                          • Instruction Fuzzy Hash: 95C12770609210EFC354AF14D58996ABFB0FF84340F929D98F4E5672A9D730E971CB86
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042B220 Relevance: 33.5, APIs: 11, Strings: 8, Instructions: 278memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000), ref: 0042B3C2
                                                                                          • ?CreateFromArray@CxImage@@QAE_NPAEKKKK_N@Z.CXIMAGECRT(?,?,?,00000020,?,00000000,00000000), ref: 0042B3EB
                                                                                          • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(00000280,000001E0,00000001,00000000,?,?,?,00000020,?,00000000,00000000), ref: 0042B404
                                                                                          • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,?,?,?,00000000,\ManyCam\Drawing_Over_Video.png,00000280,000001E0,00000001,00000000,?,?,?,00000020,?), ref: 0042B472
                                                                                          • GetActiveWindow.USER32 ref: 0042B4DD
                                                                                          • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(?,00000004,?,00000000), ref: 0042B512
                                                                                          • wcslen.MSVCR80 ref: 0042B5A9
                                                                                            • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042B5ED
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0AE
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0CB
                                                                                            • Part of subcall function 004CC090: wcscpy.MSVCR80 ref: 004CC0DF
                                                                                            • Part of subcall function 004CC090: wcscat.MSVCR80 ref: 004CC0F8
                                                                                            • Part of subcall function 004CC090: CreateProcessW.KERNEL32 ref: 004CC124
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 0042B63B
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 0042B653
                                                                                          • ~_Mpunct.LIBCPMTD ref: 0042B668
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$??3@AllocatorCreateDebugHeapSave@memset$ActiveArray@FromMpunctProcessResample@V1@@Windowwcscatwcscpywcslen
                                                                                          • String ID: ]T$Do you want to open the folder where you saved the image?$Drawing_Over_Video.png$H]T$Image file (*.png)$ManyCam Virtual Webcam$\ManyCam\Drawing_Over_Video.png$png
                                                                                          • API String ID: 1945080177-1026007927
                                                                                          • Opcode ID: 3e81cdefd75b1fcdc45fb6f2bb49244f9ee8b77ff06ae858d61c28d867ee4a84
                                                                                          • Instruction ID: ec981275a17dfbb414872b9b1b400e900ef69c9b5440b1a82109bcf5bd3e74bc
                                                                                          • Opcode Fuzzy Hash: 3e81cdefd75b1fcdc45fb6f2bb49244f9ee8b77ff06ae858d61c28d867ee4a84
                                                                                          • Instruction Fuzzy Hash: BDD16AB0D042299FDB14DB64C985BEEBBB1FF44308F1081E9E51967281DB396E84CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041EFD0 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 268windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0041F03F
                                                                                          • FillRect.USER32 ref: 0041F053
                                                                                          • LoadIconW.USER32(00000000,00000087), ref: 0041F0A1
                                                                                          • DrawIconEx.USER32 ref: 0041F0D3
                                                                                          • DeleteObject.GDI32(00529873), ref: 0041F0DD
                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 0041F110
                                                                                          • GetTextColor.GDI32(00000000), ref: 0041F11F
                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 0041F130
                                                                                          • memset.MSVCR80 ref: 0041F1DA
                                                                                            • Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0041F21A
                                                                                          • memset.MSVCR80 ref: 0041F293
                                                                                          • memset.MSVCR80 ref: 0041F2BA
                                                                                          • wcslen.MSVCR80 ref: 0041F35E
                                                                                          • DrawTextW.USER32(00000000,?,00000000), ref: 0041F385
                                                                                          • SelectObject.GDI32(00000000,?), ref: 0041F39D
                                                                                          Strings
                                                                                          • visit the ManyCam website help page , xrefs: 0041F2A0
                                                                                          • this codec doesn, xrefs: 0041F27B
                                                                                          • This feature requires a special video codec to function properly. Unfortunately, xrefs: 0041F22B
                                                                                          • Verdana, xrefs: 0041F1A0
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ColorObjectTextmemset$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
                                                                                          • String ID: This feature requires a special video codec to function properly. Unfortunately$Verdana$this codec doesn$visit the ManyCam website help page
                                                                                          • API String ID: 923866622-1098169901
                                                                                          • Opcode ID: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
                                                                                          • Instruction ID: 6f95be4a3cc1c25362b5af6b12462e5a34df96a0e09e544e1f1783aa57f49324
                                                                                          • Opcode Fuzzy Hash: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
                                                                                          • Instruction Fuzzy Hash: 83D1F7B0D002189FDB14DF99DC54BDEBBB8BF58304F1081AAE509AB391DB746A89CF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004D1F20 Relevance: 31.9, APIs: 15, Strings: 3, Instructions: 394windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2030
                                                                                          • GetTickCount.KERNEL32 ref: 004D2076
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D20A0
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D212D
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D21FB
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D228A
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D22EE
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2358
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D23CB
                                                                                          • GetTickCount.KERNEL32 ref: 004D23FB
                                                                                          • IsWindow.USER32(?), ref: 004D243D
                                                                                          • PostMessageW.USER32(?,00008190,000000FF,FFFFFFFF), ref: 004D245E
                                                                                          • SendMessageW.USER32(00000000,00008194,00000000,?), ref: 004D249E
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24B5
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24E2
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • Couldn't activate item., xrefs: 004D221C
                                                                                          • CPlayList::ActivateItem (%s) pos=%d reset=%d, xrefs: 004D1F6A
                                                                                          • fUS, xrefs: 004D2447
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$CountMessageTickclock$AllocatorDebugHeapPostSendWindow
                                                                                          • String ID: CPlayList::ActivateItem (%s) pos=%d reset=%d$Couldn't activate item.$fUS
                                                                                          • API String ID: 2714024287-817954826
                                                                                          • Opcode ID: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
                                                                                          • Instruction ID: cd11fd919a321e88f285589761f8251e1514877f7c039c8d1d7105039d16572d
                                                                                          • Opcode Fuzzy Hash: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
                                                                                          • Instruction Fuzzy Hash: FA027970A00218DFDB14DBA4CD61BEEBBB1AF55308F14819EE5096B382CB746E89CF55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C8720 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 318COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C878C
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C879B
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87D2
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87E1
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • CManyCamModel::UpdateGraphTopologyOnSourceChange, xrefs: 004C8755
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$clock$AllocatorDebugHeap
                                                                                          • String ID: CManyCamModel::UpdateGraphTopologyOnSourceChange
                                                                                          • API String ID: 952932671-1321120180
                                                                                          • Opcode ID: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                                          • Instruction ID: 10940e179f8bca40d99c735d3df1e6ff842ee16e2e5db1de052c77a05b9f2183
                                                                                          • Opcode Fuzzy Hash: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                                          • Instruction Fuzzy Hash: 5BE13E70D04248DECB04EFA5D961BEEBBB0AF15308F10815FF4166B282EF785A45DB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B2A80 Relevance: 31.7, APIs: 3, Strings: 15, Instructions: 169COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
                                                                                            • Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774
                                                                                          • StringFromGUID2.OLE32()K,?,00000040,)K,0056F910,)K,00574DDC), ref: 004B2C30
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: FromStringfflushfwprintf
                                                                                          • String ID: Bit count = %d$Format type = %s$Format type = FORMAT_VideoInfo$Format type = GUID_NULL$Frame size = %dx%d$Major type = %s$Major type = GUID_NULL$Major type = MEDIATYPE_Video$Mediatype info:$Subtype = %s$Subtype = GUID_NULL$Subtype = MEDIASUBTYPE_RGB24$Subtype = MEDIASUBTYPE_RGB32$vids$)K
                                                                                          • API String ID: 2684700382-3987823964
                                                                                          • Opcode ID: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                                          • Instruction ID: 0a30e523ff0296b33be7bff9fb0a9039800934aade4f4bd872009a2dad4e24fd
                                                                                          • Opcode Fuzzy Hash: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                                          • Instruction Fuzzy Hash: A951C870E5420867DB10AF19DC57EDE3B34BF44705F00841AB908A6283EFB4EA59D7BA
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00423D70 Relevance: 30.2, APIs: 20, Instructions: 195windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetSysColor.USER32(00000005), ref: 00423DF1
                                                                                          • GetSysColor.USER32(0000000D), ref: 00423DFC
                                                                                          • GetSysColor.USER32(00000008), ref: 00423E07
                                                                                          • DrawFocusRect.USER32 ref: 00423E29
                                                                                          • SetTextColor.GDI32(00000000,?), ref: 00423E65
                                                                                          • SetBkColor.GDI32(00000000,?), ref: 00423E76
                                                                                          • CreateSolidBrush.GDI32(?), ref: 00423E80
                                                                                          • FillRect.USER32 ref: 00423E98
                                                                                          • DeleteObject.GDI32(?), ref: 00423EA2
                                                                                          • SetTextColor.GDI32(00000000,?), ref: 00423EB5
                                                                                          • SetBkColor.GDI32(00000000,?), ref: 00423EC6
                                                                                          • CreateSolidBrush.GDI32(?), ref: 00423ED0
                                                                                          • FillRect.USER32 ref: 00423EE8
                                                                                          • DeleteObject.GDI32(?), ref: 00423EF2
                                                                                          • DrawFocusRect.USER32 ref: 00423F0B
                                                                                          • GetSysColor.USER32(00000011), ref: 00423F3B
                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 00423F4F
                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 00423F66
                                                                                          • wcslen.MSVCR80 ref: 00423F8C
                                                                                          • TextOutW.GDI32(00000000,?,?,?,00000000), ref: 00423FAF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Color$RectText$BrushCreateDeleteDrawFillFocusObjectSolid$Modewcslen
                                                                                          • String ID:
                                                                                          • API String ID: 2588219260-0
                                                                                          • Opcode ID: 2e45cf5c80c4b8fd4d600e7d9edbefb9a3a0af178287644c4581e20515c78400
                                                                                          • Instruction ID: da729acaff73935f9bd159455f2e2352e59e7efa03225867f080d08a233a209d
                                                                                          • Opcode Fuzzy Hash: 2e45cf5c80c4b8fd4d600e7d9edbefb9a3a0af178287644c4581e20515c78400
                                                                                          • Instruction Fuzzy Hash: AA81CA75A00218EFDB08CF94E9989AEBBB5FF98301F108159F609A7350DB34AE45DF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402C80 Relevance: 30.2, APIs: 20, Instructions: 174COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
                                                                                            • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
                                                                                            • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,0040120F), ref: 00402C98
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,0040120F), ref: 00402CB4
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,0040120F), ref: 00402CD0
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402CEC
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402D08
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D24
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D40
                                                                                          • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D5C
                                                                                          • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D78
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402D94
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DB0
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DCC
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DE8
                                                                                          • cvCreateMat.CXCORE099(00000003,00000001,00000005), ref: 00402E04
                                                                                          • cvCreateMat.CXCORE099(00000006,00000006,00000005), ref: 00402E20
                                                                                          • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E38
                                                                                          • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E50
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402E68
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E80
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E98
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create$Image
                                                                                          • String ID:
                                                                                          • API String ID: 1237808576-0
                                                                                          • Opcode ID: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                                          • Instruction ID: 61334a59a6328505146fa154266dd27d5a2e39e93b606410563eabcbac9550f4
                                                                                          • Opcode Fuzzy Hash: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                                          • Instruction Fuzzy Hash: 225106B0A81B027AF67057719E0BB9326912B26B01F050539BB4DB83C6FBF59521CA99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B8960 Relevance: 30.1, APIs: 7, Strings: 10, Instructions: 397COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          • Such camera is already in the list: %s, xrefs: 004B8AC7
                                                                                          • Moniker is NULL., xrefs: 004B89FF
                                                                                          • Desired frame size is invalid., xrefs: 004B8A49
                                                                                          • Destroy the graph for camera %s, xrefs: 004B8B94
                                                                                          • Failed to create the graph with hr=%X, xrefs: 004B8C85
                                                                                          • Error: camera name is empty., xrefs: 004B89BB
                                                                                          • CManyCamGraphMgr::AddCameraInput, xrefs: 004B8995
                                                                                          • Graph creation failed with hr=%X, xrefs: 004B8E3F
                                                                                          • Creating the graph for camera %s, xrefs: 004B8C3E
                                                                                          • Creating new entry for camera %s, xrefs: 004B8D86
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                                          • String ID: CManyCamGraphMgr::AddCameraInput$Creating new entry for camera %s$Creating the graph for camera %s$Desired frame size is invalid.$Destroy the graph for camera %s$Error: camera name is empty.$Failed to create the graph with hr=%X$Graph creation failed with hr=%X$Moniker is NULL.$Such camera is already in the list: %s
                                                                                          • API String ID: 2739697835-1067953073
                                                                                          • Opcode ID: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                                          • Instruction ID: 0c2db78db8441f90a5655b608386306daf3177cd87543fca05d57ae7838a8fe2
                                                                                          • Opcode Fuzzy Hash: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                                          • Instruction Fuzzy Hash: F5024C70900208EFDB14EF95CC92BEEBBB5BF54304F10415EE5066B2D2DB786A45CBA9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402EC0 Relevance: 30.1, APIs: 20, Instructions: 126COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326
                                                                                          • cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
                                                                                          • cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
                                                                                          • cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
                                                                                          • cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
                                                                                          • cvReleaseMat.CXCORE099(00000124), ref: 00402F21
                                                                                          • cvReleaseMat.CXCORE099(00000128), ref: 00402F33
                                                                                          • cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
                                                                                          • cvReleaseMat.CXCORE099(00000130), ref: 00402F57
                                                                                          • cvReleaseMat.CXCORE099(00000134), ref: 00402F69
                                                                                          • cvReleaseMat.CXCORE099(00000100), ref: 00402F77
                                                                                          • cvReleaseMat.CXCORE099(00000104), ref: 00402F89
                                                                                          • cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
                                                                                          • cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
                                                                                          • cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
                                                                                          • cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
                                                                                          • cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
                                                                                          • cvReleaseMat.CXCORE099(00000140), ref: 00402FF5
                                                                                          • cvReleaseMat.CXCORE099(00000144), ref: 00403007
                                                                                          • cvReleaseMat.CXCORE099(00000148), ref: 00403019
                                                                                          • cvReleaseMat.CXCORE099(0000014C), ref: 0040302C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Release$Image
                                                                                          • String ID:
                                                                                          • API String ID: 1442443227-0
                                                                                          • Opcode ID: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
                                                                                          • Instruction ID: e9e9c9bdbcc23bd9ce4fc92c64f6ef92138ef717c9158f18fb2c09d524048864
                                                                                          • Opcode Fuzzy Hash: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
                                                                                          • Instruction Fuzzy Hash: 3A415AB1C01B11ABDA70DB60D94EB97B6EC7F01300F44493E914B929D0EB79F658CAA3
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AF1A0 Relevance: 30.0, APIs: 2, Strings: 15, Instructions: 270comCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • CoCreateInstance.OLE32(0056F320,00000000,00000001,00571B10,00000000,?,00000000,?,?,3D2007F9), ref: 004AF229
                                                                                            • Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
                                                                                            • Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774
                                                                                          • CoCreateInstance.OLE32(0056F2E0,00000000,00000001,00571B40,00000000,00000000,00000000,?,?,3D2007F9), ref: 004AF297
                                                                                          Strings
                                                                                          • Creating an instance of IGraphBuilder., xrefs: 004AF1FD
                                                                                          • CGraphMgr::InitInternalInterfaces, xrefs: 004AF1C8
                                                                                          • Failed with hr = %X., xrefs: 004AF4DD
                                                                                          • Init cap graph builder., xrefs: 004AF2C1
                                                                                          • Failed with hr = %X., xrefs: 004AF23C
                                                                                          • Failed with hr = %X., xrefs: 004AF46A
                                                                                          • Failed with hr = %X., xrefs: 004AF308
                                                                                          • Getting IMediaSeeking Interface., xrefs: 004AF3A9
                                                                                          • Creating cature graph builder., xrefs: 004AF26B
                                                                                          • Failed with hr = %X., xrefs: 004AF3F4
                                                                                          • Getting IMediaFilter interface., xrefs: 004AF492
                                                                                          • Failed with hr = %X., xrefs: 004AF37E
                                                                                          • Failed with hr = %X., xrefs: 004AF2AA
                                                                                          • Getting IMediaEventEx interface., xrefs: 004AF41F
                                                                                          • Getting IMediaControlInterface., xrefs: 004AF333
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateInstance$AllocatorDebugHeapclockfflushfwprintf
                                                                                          • String ID: CGraphMgr::InitInternalInterfaces$Creating an instance of IGraphBuilder.$Creating cature graph builder.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Getting IMediaControlInterface.$Getting IMediaEventEx interface.$Getting IMediaFilter interface.$Getting IMediaSeeking Interface.$Init cap graph builder.
                                                                                          • API String ID: 3340919952-3253057602
                                                                                          • Opcode ID: 9b086fe0cb3031e3bc22e440be552398c93d060f0653d1dd36aa5157d34c403a
                                                                                          • Instruction ID: 91a63dad0f67e3e0232ba0b1807ee47d54ee56e4fdf06e0acade68bce617adf4
                                                                                          • Opcode Fuzzy Hash: 9b086fe0cb3031e3bc22e440be552398c93d060f0653d1dd36aa5157d34c403a
                                                                                          • Instruction Fuzzy Hash: 10A18270E402099BDB04EBD9DC62BBE77B0BF99719F10402EF80677282DB796905C769
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004A8E90 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 328memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A8F0A
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                          • wcscmp.MSVCR80 ref: 004A8F3A
                                                                                          • wcscmp.MSVCR80 ref: 004A8F53
                                                                                          • wcscmp.MSVCR80 ref: 004A8F80
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A92EC
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A9304
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A9324
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$wcscmp$FileFindFirst
                                                                                          • String ID: InternalProperties
                                                                                          • API String ID: 1222566788-1350816593
                                                                                          • Opcode ID: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
                                                                                          • Instruction ID: d461dac8b76a5e630202117bde1037354cd356562fc5738dbdf76f67a61ac83d
                                                                                          • Opcode Fuzzy Hash: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
                                                                                          • Instruction Fuzzy Hash: 30F13AB49001199FDB14DF54CC94BAEB7B5BF55304F1085DAEA0AA7381DB34AE88CF68
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004010A0 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 187COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvError.CXCORE099(000000FB,cvCylCreateTrackerContext,Invalid frame size.,.\src\cyltracker.cpp,00000064), ref: 004012DF
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Error
                                                                                          • String ID: .\src\cyltracker.cpp$Insufficient memory for initializing tracker$Insufficient memory.$Invalid frame size.$Invalid method.$Invalid model type.$Invalid pyramid type.$cvCylCreateTrackerContext
                                                                                          • API String ID: 2619118453-4185331338
                                                                                          • Opcode ID: 159e2c39b6469685c728ac88f41f5128306c1347d163a9cc52779d86d74ae199
                                                                                          • Instruction ID: 99194e5ea39f0bab6f8ac41c15566c549df518491d95b6df1d49c7cd51309a21
                                                                                          • Opcode Fuzzy Hash: 159e2c39b6469685c728ac88f41f5128306c1347d163a9cc52779d86d74ae199
                                                                                          • Instruction Fuzzy Hash: 6F51F5B6B4031157DB149E58AC82BA67790BB85710F0881BEFE0CBF3D2E6759904C7A6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004735B0 Relevance: 26.6, APIs: 7, Strings: 8, Instructions: 324COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184
                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00473611
                                                                                            • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                                          • swscanf.MSVCR80 ref: 00473710
                                                                                          • swscanf.MSVCR80 ref: 0047372B
                                                                                          • swscanf.MSVCR80 ref: 00473746
                                                                                          Strings
                                                                                          • Error parsing color field: one of color components is not specified, xrefs: 00473803
                                                                                          • Error parsing color field: one of color components is not specified, xrefs: 00473891
                                                                                          • Error parsing color field: unexpected symbols '%s'., xrefs: 004739E1
                                                                                          • Unspecified error., xrefs: 004735EB
                                                                                          • rgb(, xrefs: 0047378C
                                                                                          • Success., xrefs: 00473A16
                                                                                          • Error parsing color field: wrong number of symbols after '#', xrefs: 00473689
                                                                                          • Error parsing color field: one of color components is not specified, xrefs: 0047392B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapswscanf$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                          • String ID: Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: unexpected symbols '%s'.$Error parsing color field: wrong number of symbols after '#'$Success.$Unspecified error.$rgb(
                                                                                          • API String ID: 1122337173-231897244
                                                                                          • Opcode ID: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
                                                                                          • Instruction ID: 514317ef524717ef2c7c16df4d54ca1b957cd51d0b51933f763c983e9b3e5875
                                                                                          • Opcode Fuzzy Hash: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
                                                                                          • Instruction Fuzzy Hash: 64D16F71901208EEDB04EBA5DC56BEEBB74AF10304F50816EF41AA72D1DB786B48CB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042E4D0 Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 253memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0042F320: SendMessageW.USER32(3D2007F5,0000101E,00000000,3D2007F5), ref: 0042F342
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E628
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E637
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E647
                                                                                          • memset.MSVCR80 ref: 0042E75B
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E6A0
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,tyTdyT,00547960,?,data\images\,?,?,?,00000003,00000072,00000002,00000072), ref: 0042E6C9
                                                                                            • Part of subcall function 00407D70: SendMessageW.USER32(?,00000432,00000000,00000000), ref: 00407DAB
                                                                                            • Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$MessageSend$Image@@Load@memset
                                                                                          • String ID: .png$Col1$Col2$Col3$Col4$Tahoma$data\images\$dyT$tyTdyT
                                                                                          • API String ID: 1838653368-352732241
                                                                                          • Opcode ID: 5240a672e344888a9dcc8595a84e68314da153b494bcf22761846ef33874b4da
                                                                                          • Instruction ID: 63107b193e0704695c5efb6fe35d957d42c89c1ca5e4e6b9e88f197d9dfb2259
                                                                                          • Opcode Fuzzy Hash: 5240a672e344888a9dcc8595a84e68314da153b494bcf22761846ef33874b4da
                                                                                          • Instruction Fuzzy Hash: 4AB15CB0A443589BEB24DB65CC62FAEB771BF04718F00419DE1197B2C2CBB46A44CB5A
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00401E00 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 165COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E39
                                                                                          • cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E7D
                                                                                          • cvCvtColor.CV099(?,?,00000006,?,?,00000008,00000001), ref: 00401E8E
                                                                                          • cvResize.CV099(?,?,00000001), ref: 00401EA2
                                                                                          • cvEqualizeHist.CV099(?,?), ref: 00401EB0
                                                                                          • cvClearMemStorage.CXCORE099(?,?,?), ref: 00401EB6
                                                                                          • cvHaarDetectObjects.CV099(?,?,?,0000001E,0000001E), ref: 00401EDE
                                                                                          • cvReleaseImage.CXCORE099(?), ref: 00401EED
                                                                                          • cvReleaseImage.CXCORE099(?), ref: 00401EFA
                                                                                          • cvGetSeqElem.CXCORE099(00000000,00000000), ref: 00401F0F
                                                                                          • cvClearSeq.CXCORE099(00000000), ref: 00401FC9
                                                                                          • cvError.CXCORE099(000000FE,auxDetectFace,Invalid input data,.\src\cylaux.cpp,0000002C), ref: 00401FF0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image$ClearCreateRelease$ColorDetectElemEqualizeErrorHaarHistObjectsResizeStorage
                                                                                          • String ID: .\src\cylaux.cpp$Invalid input data$auxDetectFace
                                                                                          • API String ID: 2437743724-1894629017
                                                                                          • Opcode ID: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
                                                                                          • Instruction ID: ac98781828b75c9019f3c1cd100c5520617b492f8a1ed74b89b13fa435fe6163
                                                                                          • Opcode Fuzzy Hash: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
                                                                                          • Instruction Fuzzy Hash: 0951B170608710ABD300AF14E84AA2BBBE4FFC8714F054E58F489672A5DA31D974CB56
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00506610 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 118fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0050665D
                                                                                          • GetFileSize.KERNEL32(000000FF,00000000), ref: 0050669D
                                                                                          • CloseHandle.KERNEL32(000000FF), ref: 005066AE
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          Strings
                                                                                          • You have selected a file with the size larger than 3Mb., xrefs: 005066B4
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 0050666C
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 00506718
                                                                                          • You have selected an image with the dimension larger than 3000x2000., xrefs: 0050676F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$AllocatorCloseCreateDebugHandleHeapSize
                                                                                          • String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                                          • API String ID: 1278540365-1045440647
                                                                                          • Opcode ID: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                                          • Instruction ID: bf2e516d7632956263a6d0b7edc6ab055445a249ca0629827ad9313cad8a857e
                                                                                          • Opcode Fuzzy Hash: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                                          • Instruction Fuzzy Hash: 3D513C70900259ABDB25EF14DC55BEDBBB0FF45704F1085AAF819AB2D0CB75AE84CB80
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00513E80 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 118fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00513ECD
                                                                                          • GetFileSize.KERNEL32(000000FF,00000000), ref: 00513F0D
                                                                                          • CloseHandle.KERNEL32(000000FF), ref: 00513F1E
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          Strings
                                                                                          • You have selected a file with the size larger than 3Mb., xrefs: 00513F24
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 00513F88
                                                                                          • You have selected an image with the dimension larger than 3000x2000., xrefs: 00513FDF
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 00513EDC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$AllocatorCloseCreateDebugHandleHeapSize
                                                                                          • String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                                          • API String ID: 1278540365-1045440647
                                                                                          • Opcode ID: 31dae65b8d5032fe5dc687f767acb6db0229cd793d994c6b1de10459a5ee8fd9
                                                                                          • Instruction ID: 23f2238794eb66d98ba3da9ec40f43027c5041e0f5ff9c1f0f1834951436c019
                                                                                          • Opcode Fuzzy Hash: 31dae65b8d5032fe5dc687f767acb6db0229cd793d994c6b1de10459a5ee8fd9
                                                                                          • Instruction Fuzzy Hash: 27511970900259AFEB15EF14DC55BEDBB70BB45344F10859AE815AB2D0CB74AF84DF80
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004E5580 Relevance: 24.9, APIs: 11, Strings: 3, Instructions: 371memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • ??2@YAPAXI@Z.MSVCR80 ref: 004E56C0
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004E56E8
                                                                                            • Part of subcall function 004D7750: _DebugHeapAllocator.LIBCPMTD ref: 004D7791
                                                                                            • Part of subcall function 00418CB0: EnterCriticalSection.KERNEL32(xJ,00000001,?,004A78E3,?,004A7688,00000001,3D2007F9,?,?,00000000,005372A8,000000FF,?,004602DC), ref: 00418CBB
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E5761
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E57BA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004E57A0
                                                                                            • Part of subcall function 00418D00: LeaveCriticalSection.KERNEL32(00000001,00000000,?,00418CE9,00000001,?,00418C7A,00417F19,?,00522EAF,?,005A2ECC,005A2ECC,?,00417F19), ref: 00418D0B
                                                                                          Strings
                                                                                          • CVideoLayer::SetVideoSource (%s), xrefs: 004E55B2
                                                                                          • SetVideoSource completed with bStatus = %d., xrefs: 004E5A61
                                                                                          • Changing source to type=%d, name=%s, xrefs: 004E5615
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Concurrency::cancellation_token_source::~cancellation_token_sourceCriticalSection$??2@EnterLeaveclock
                                                                                          • String ID: CVideoLayer::SetVideoSource (%s)$Changing source to type=%d, name=%s$SetVideoSource completed with bStatus = %d.
                                                                                          • API String ID: 940658134-2688229957
                                                                                          • Opcode ID: ed1a128956794bde5e5230a4d138cfadb2c5c7bc89fd5ac7b4d3999619687d38
                                                                                          • Instruction ID: dba240629de62da63940887bf9cd1e5b9116a74bbdd400ead28e10356bf54a65
                                                                                          • Opcode Fuzzy Hash: ed1a128956794bde5e5230a4d138cfadb2c5c7bc89fd5ac7b4d3999619687d38
                                                                                          • Instruction Fuzzy Hash: 0EF12B70E00248DFDB04DF95C8A1BEEB7B5AF48308F24816EE4196B392DB796D41CB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0040C220 Relevance: 24.8, APIs: 9, Strings: 5, Instructions: 308memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0040FA80: List.LIBCMTD ref: 0040FA8A
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0040C2DC
                                                                                            • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 0040C305
                                                                                            • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0040C35E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0040C371
                                                                                            • Part of subcall function 004DAFB0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004DB014
                                                                                          • _snwprintf.MSVCR80 ref: 0040C591
                                                                                          • wcslen.MSVCR80 ref: 0040C59E
                                                                                          • wcscpy.MSVCR80 ref: 0040C5CE
                                                                                          • wcslen.MSVCR80 ref: 0040C5DB
                                                                                            • Part of subcall function 0040F760: _invalid_parameter_noinfo.MSVCR80(00000000,?,00409D5D,?,?,00000000,?,?,?,mce,?,?,?,?,?,?), ref: 0040F774
                                                                                          • wcscat.MSVCR80 ref: 0040C633
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::$PolicySchedulerwcslen$ContextIdentityListQueueWork_invalid_parameter_noinfo_snwprintfwcscatwcscpy
                                                                                          • String ID: %s files (%s)$*.%s$*.%s$;*.%s$;*.%s
                                                                                          • API String ID: 3673500439-2222090975
                                                                                          • Opcode ID: 410b57a6a7f9a888242e909b12c55668fef034fc55ece74735e624549ad644eb
                                                                                          • Instruction ID: 0f1205feb10db953e557daecc0f66cfc6334ceda2ae244769a0a321528e6ad92
                                                                                          • Opcode Fuzzy Hash: 410b57a6a7f9a888242e909b12c55668fef034fc55ece74735e624549ad644eb
                                                                                          • Instruction Fuzzy Hash: 7BC12F71D00208DBDB14EBA5E892BEEB775AF54308F10417EF116B72D1DB385A48CB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041A3B0 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 308memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                                            • Part of subcall function 00472C60: _wfopen_s.MSVCR80 ref: 00472CBE
                                                                                            • Part of subcall function 00472C60: fclose.MSVCR80 ref: 00472CDF
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047314B
                                                                                            • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047316D
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@_wfopen_sfclose
                                                                                          • String ID: 8S$P$\class.xml$data\images\$icon$icon_and_text$style$S
                                                                                          • API String ID: 255584289-693003568
                                                                                          • Opcode ID: 603b225bfe0989b9d3390ef585aae42c8b49bc1da2bbc25a9b3d303a95ec7668
                                                                                          • Instruction ID: 810976337b1479ad00da3f975604671f65968c870661c51cbc195e462080606e
                                                                                          • Opcode Fuzzy Hash: 603b225bfe0989b9d3390ef585aae42c8b49bc1da2bbc25a9b3d303a95ec7668
                                                                                          • Instruction Fuzzy Hash: 4BD16EB0D012189BDB14DB95CD92BEDBBB4BF18304F10819EE14A77281DB746E85CF9A
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00401690 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 176COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCvtColor.CV099(?,?,00000007), ref: 004016FA
                                                                                          • cvGetImageROI.CXCORE099(?,?), ref: 0040170E
                                                                                          • cvSobel.CV099(?,?,00000001,00000000,00000003,?,?), ref: 00401742
                                                                                          • cvSobel.CV099(?,?,00000000,00000001,00000003), ref: 00401758
                                                                                          • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 004017D9
                                                                                          • cvCopy.CXCORE099(?,?,00000000), ref: 004017F1
                                                                                          • cvError.CXCORE099(000000FB,cvCylTrackModel,Invalid input frame.,.\src\cyltracker.cpp,000001A0), ref: 00401886
                                                                                          • cvSetImageROI.CXCORE099(?), ref: 004018B5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ImageSobel$ColorCopyError
                                                                                          • String ID: .\src\cyltracker.cpp$Invalid input frame.$Null pointer to the tracker context.$cvCylTrackModel
                                                                                          • API String ID: 3140367126-428952811
                                                                                          • Opcode ID: 3ec082688a0413c58711cd9b83bdb17f3b228cbd943129101cc4b4c10cf63d8e
                                                                                          • Instruction ID: 66ebd014f4a14a4e4a4a45a8ae43f3bc62eaeaf842471fa18c085293a8b48d64
                                                                                          • Opcode Fuzzy Hash: 3ec082688a0413c58711cd9b83bdb17f3b228cbd943129101cc4b4c10cf63d8e
                                                                                          • Instruction Fuzzy Hash: 5051A1B1B00601ABC608EB64DC86FA6F7A5BF89710F008229FA58573D1D774E924CBD6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004FDB10 Relevance: 24.7, APIs: 8, Strings: 6, Instructions: 166memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00454C20: _time64.MSVCR80 ref: 00454C25
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FDB92
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FDBD1
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FDC10
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FDC4F
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FDC71
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FDCBA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FDCF9
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FDD11
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$_time64
                                                                                          • String ID: %H:%M$%I:%M %p$%Y/%m/%d$%d/%m/%Y$%d/%m/%y$%m/%d/%y
                                                                                          • API String ID: 1617621919-1797068983
                                                                                          • Opcode ID: 337cc33751ee86f278b6aaa86c876a731ec91c3783f736a420f80f166415e58d
                                                                                          • Instruction ID: 7b51e2b139bb5990a0f73220b2d1b914545a6a30d8eed0ff1401071254383894
                                                                                          • Opcode Fuzzy Hash: 337cc33751ee86f278b6aaa86c876a731ec91c3783f736a420f80f166415e58d
                                                                                          • Instruction Fuzzy Hash: 3B712571D0124CDFCB09DF95D985AEEBBB5BF54308F10816EE1027B281DB786A49CB94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B8420 Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 284memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B84DB
                                                                                          • ??2@YAPAXI@Z.MSVCR80 ref: 004B84E2
                                                                                            • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                            • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • Creating frame grabbing graph for file %s, xrefs: 004B856B
                                                                                          • Destroying the graph., xrefs: 004B8725
                                                                                          • Couldn't find the graph %s!, xrefs: 004B86E7
                                                                                          • Creating frame grabbing graph for camera %s, xrefs: 004B84C0
                                                                                          • Failed creating graph with hr=%X; preparing to clean up., xrefs: 004B8697
                                                                                          • CManyCamGraphMgr::CreateGraph, xrefs: 004B8448
                                                                                          • AppModel pointer is NULL! Returning E_FAIL., xrefs: 004B8472
                                                                                          • Setting current pos for the graph %s, xrefs: 004B8616
                                                                                          • Setting graph state %d, xrefs: 004B8655
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapclock$??2@fflushfwprintf
                                                                                          • String ID: AppModel pointer is NULL! Returning E_FAIL.$CManyCamGraphMgr::CreateGraph$Couldn't find the graph %s!$Creating frame grabbing graph for camera %s$Creating frame grabbing graph for file %s$Destroying the graph.$Failed creating graph with hr=%X; preparing to clean up.$Setting current pos for the graph %s$Setting graph state %d
                                                                                          • API String ID: 1778695617-1153812090
                                                                                          • Opcode ID: f1e7f66eff02cda7a9ed3db3bcb49d45f39b49662cdf193da7ba6901c3f1654f
                                                                                          • Instruction ID: f3cb85e83180b36cfd0b303413b5ba2857901d6173e86f69feec068597868732
                                                                                          • Opcode Fuzzy Hash: f1e7f66eff02cda7a9ed3db3bcb49d45f39b49662cdf193da7ba6901c3f1654f
                                                                                          • Instruction Fuzzy Hash: FBC11B75D00209AFDB04DF99CC92BEEB7B4AF48308F14411EF5167B292DB786A05CB69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005062D0 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 206memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00506312
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00506336
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00506352
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050636E
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,3D2007F9), ref: 005063A1
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,3D2007F9), ref: 005063B5
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                                          • memcpy.MSVCR80(?,?,?,3D2007F9), ref: 0050646C
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 0050652C
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 0050653E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$??3@Image@@$memcpy
                                                                                          • String ID: anonymous_type$mask_reader_ver$mask_type$properties
                                                                                          • API String ID: 3418783136-1683271502
                                                                                          • Opcode ID: ea6c7d0e71fb220edab34224d6aa0e07e57cb9ccd2759369dc2a5b15c5864e21
                                                                                          • Instruction ID: 830ff7d4bb77275050dcf287e18c53aa9cee5c96830a24d37f20f8f55580aab9
                                                                                          • Opcode Fuzzy Hash: ea6c7d0e71fb220edab34224d6aa0e07e57cb9ccd2759369dc2a5b15c5864e21
                                                                                          • Instruction Fuzzy Hash: 8891F7B1E002489FDB04DFA8D896BEEBBB5BF88304F10816DE419A7381DB345A45CF91
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00514480 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 157memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(3D2007F9,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144AB
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(3D2007F9,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144B6
                                                                                          • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,3D2007F9,000000FF,?,005125AA,?,?), ref: 00514559
                                                                                          • ?IncreaseBpp@CxImage@@QAE_NK@Z.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,3D2007F9,000000FF,?,005125AA,?), ref: 00514563
                                                                                          • ?AlphaCreate@CxImage@@QAE_NXZ.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,3D2007F9,000000FF,?,005125AA,?), ref: 0051456B
                                                                                          • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,00000160,00000120,00000001,3D2007F9,000000FF,?,005125AA,?,?,?,00000000,?,?,?), ref: 005145B1
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005145DC
                                                                                          • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,3D2007F9,000000FF,?,005125AA,?), ref: 0051463E
                                                                                          • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,3D2007F9,000000FF), ref: 00514651
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$Resample@Save@V1@@$AllocatorAlphaBpp@Create@DebugHeapHeight@IncreaseWidth@
                                                                                          • String ID: %s\%d.png$%s\%d.png$352x288$640x480
                                                                                          • API String ID: 2860891125-2440275166
                                                                                          • Opcode ID: a43d91bb6eb54d53ff6a1737a5b0fe56c092a8fccabc49aed94ca0378de78455
                                                                                          • Instruction ID: acc42daae56a842fc35e0990e2763de5810e809cf3d34599ed660b5ee8a323ea
                                                                                          • Opcode Fuzzy Hash: a43d91bb6eb54d53ff6a1737a5b0fe56c092a8fccabc49aed94ca0378de78455
                                                                                          • Instruction Fuzzy Hash: 5A6107B5E00209AFDB04EF99D892AEEBBB5FF88300F108529F515B7291DB746941CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00472C60 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 270memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$_wfopen_sfclose
                                                                                          • String ID: base_class$class$name$prop$val
                                                                                          • API String ID: 1905607448-2961531382
                                                                                          • Opcode ID: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
                                                                                          • Instruction ID: 751db2e67e60f486d96aaf90422ccf13f7de2e4e99e3856fc400571b524def08
                                                                                          • Opcode Fuzzy Hash: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
                                                                                          • Instruction Fuzzy Hash: 47C14C70901258DEDB14EBA4CD55BEEBBB4BF50308F10819EE14A67292DB781F88CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042E150 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 171memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                                            • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                                            • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$DateFormat
                                                                                          • String ID: Created by: $Creation date: $Name: $www.manycam.com$www.manycam.com
                                                                                          • API String ID: 393568584-1701023392
                                                                                          • Opcode ID: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
                                                                                          • Instruction ID: cbadc1f5ef3ad51f7f35ce95d366eb704496e5c2bb1529dbc726db86d70e8f02
                                                                                          • Opcode Fuzzy Hash: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
                                                                                          • Instruction Fuzzy Hash: 65711771A001199FCB14EB64CD91BEEB7B4BF48304F10869DE55AA7291DF34AE88CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00406670 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 164COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                                          • GetParent.USER32 ref: 0040669A
                                                                                          • GetWindow.USER32(?,00000004), ref: 004066AD
                                                                                          • GetWindowRect.USER32 ref: 004066C0
                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                          • GetWindowRect.USER32 ref: 0040673B
                                                                                          • GetParent.USER32(?), ref: 00406749
                                                                                          • GetClientRect.USER32 ref: 0040675A
                                                                                          • GetClientRect.USER32 ref: 00406768
                                                                                          • MapWindowPoints.USER32 ref: 0040677C
                                                                                          • SetWindowPos.USER32(3D2007F9,00000000,00000000,3D2007F9,000000FF,000000FF,00000015,?,?), ref: 00406826
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$Rect$ClientLongParent$InfoParametersPointsSystem
                                                                                          • String ID: *b@
                                                                                          • API String ID: 2289592163-3951841937
                                                                                          • Opcode ID: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
                                                                                          • Instruction ID: 1e1c0fd00856f1237eb481f10da8126670bc63b2ce16d521bf68457a350c038b
                                                                                          • Opcode Fuzzy Hash: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
                                                                                          • Instruction Fuzzy Hash: BA611975E00209EFDB04CFE8C984AEEBBB5BF88304F148629E516BB394D734A945CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00499CC0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 164windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetActiveWindow.USER32 ref: 00499D15
                                                                                          • GetLastActivePopup.USER32(00000000), ref: 00499D31
                                                                                          • SendMessageW.USER32(00000000,0000000D,00000104,?), ref: 00499D71
                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00499DEB
                                                                                          • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00499E0B
                                                                                          • wcscat.MSVCR80 ref: 00499E61
                                                                                          • GetPrivateProfileStringW.KERNEL32 ref: 00499E9A
                                                                                          • wcstoul.MSVCR80 ref: 00499EAF
                                                                                          • MessageBeep.USER32(?), ref: 00499F1C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ActiveMessageName$BeepFileFullLastModulePathPopupPrivateProfileSendStringWindowwcscatwcstoul
                                                                                          • String ID: %s%d$DoNotAsk$PPMessageBox.ini
                                                                                          • API String ID: 3999366269-2647165371
                                                                                          • Opcode ID: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
                                                                                          • Instruction ID: 52c43eb377399d7600db362d3f6ba6012730098c3eeec84a0b2b3f1ac4b66590
                                                                                          • Opcode Fuzzy Hash: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
                                                                                          • Instruction Fuzzy Hash: D571697190022A9BEF34DB54CD85BEAB7B8FB48305F0005EAE509A76D0DB742E84DF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004F7A10 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 94memorylibraryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004F7A47
                                                                                          • wcscat.MSVCR80 ref: 004F7A59
                                                                                          • _wfopen.MSVCR80 ref: 004F7A6E
                                                                                          • fclose.MSVCR80 ref: 004F7A96
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F7ABD
                                                                                          • LoadLibraryW.KERNEL32(00000000,manycam.dll,?), ref: 004F7ACE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugDirectoryHeapLibraryLoadSystem_wfopenfclosewcscat
                                                                                          • String ID: \ir50_32.dll$install_indeo_codec$manycam.dll
                                                                                          • API String ID: 2772874605-3707710387
                                                                                          • Opcode ID: 575395483891dccec64e4652b6b9411fdd4f3bf58853aa2061394f1fea350114
                                                                                          • Instruction ID: 8c6a274a38a71000309de35580737fca633a3ace6444322c61b51428c5e4b817
                                                                                          • Opcode Fuzzy Hash: 575395483891dccec64e4652b6b9411fdd4f3bf58853aa2061394f1fea350114
                                                                                          • Instruction Fuzzy Hash: E7416E71C012189FDB24EFA0ED89BAEB7B4BF08314F104299E516A7290DB786B48CF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041C950 Relevance: 19.7, APIs: 13, Instructions: 185COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetStockObject.GDI32(00000000), ref: 0041C9C4
                                                                                          • FillRect.USER32 ref: 0041C9D3
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041C9FF
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041CA2E
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA56
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA6D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CA97
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CAC5
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB0E
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB36
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB4D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB77
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CBA5
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Rect$ClientFillHeight@ObjectStock
                                                                                          • String ID:
                                                                                          • API String ID: 1214153398-0
                                                                                          • Opcode ID: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
                                                                                          • Instruction ID: 64adb8edbe6d6a745132db4a95317a47dd4f78eb1bf019a77eab89ed2a27929a
                                                                                          • Opcode Fuzzy Hash: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
                                                                                          • Instruction Fuzzy Hash: 8A81C3B4D002099FDB58EF98D991BEEB7B5BF48304F20816AE519B7381DB342A45CF64
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00502A40 Relevance: 19.7, APIs: 13, Instructions: 160COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
                                                                                          • Instruction ID: 12e37dd4abdcf4f70f14d239c3f2fb0002299592faa212dd5bf358f334e534ec
                                                                                          • Opcode Fuzzy Hash: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
                                                                                          • Instruction Fuzzy Hash: 20615470904308EFDB14DFA4D85AAEEBFB6BF55310F204A19E516AB2D1EB305A48DB50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00434E60 Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 254COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #NC$Backgrounds$Date & Time$Drawing over video$Text over video
                                                                                          • API String ID: 0-745308588
                                                                                          • Opcode ID: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
                                                                                          • Instruction ID: 61b0055fb2e5cbe1d4e4773f87cdc9b928e12edc189f893c90bd2281fadebac5
                                                                                          • Opcode Fuzzy Hash: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
                                                                                          • Instruction Fuzzy Hash: D4B14271D052189FCF08EFE5D851BEEBBB5BF48308F14452EE10A6B282DB385945CB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00499F90 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 250windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00488640: ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,0049A02E,3D2007F9,?,?), ref: 0048864A
                                                                                            • Part of subcall function 00479BB0: GetSysColor.USER32(00000010), ref: 00479DFB
                                                                                          • GetModuleHandleW.KERNEL32(00000000,3D2007F9,?,?), ref: 0049A14F
                                                                                          • GetModuleHandleW.KERNEL32(00000000,3D2007F9,?,?), ref: 0049A16C
                                                                                          • memset.MSVCR80 ref: 0049A286
                                                                                          • SystemParametersInfoW.USER32(00000029,00000000,000001F8,00000000), ref: 0049A2A5
                                                                                          • CreateFontIndirectW.GDI32(?), ref: 0049A2AF
                                                                                          • LoadIconW.USER32(00000000,00007F01), ref: 0049A31D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: HandleModule$??0?$basic_string@_ColorCreateFontIconIndirectInfoLoadParametersSystemU?$char_traits@_V?$allocator@_W@2@@std@@W@std@@memset
                                                                                          • String ID: p
                                                                                          • API String ID: 89581510-2181537457
                                                                                          • Opcode ID: a881004d8c46297404a52378e96728856b1f8b23cb2602775ab0371babacd52b
                                                                                          • Instruction ID: 0b2ca985f61fbf1d9d73a94fc23b706029f1d57e4e767938025d9d6251a87b1b
                                                                                          • Opcode Fuzzy Hash: a881004d8c46297404a52378e96728856b1f8b23cb2602775ab0371babacd52b
                                                                                          • Instruction Fuzzy Hash: 46C13230901158EFDB24DFA4D859BADB7B1AF48304F2481DED50A6B382CB795E84CF55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050F480 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 216COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: _mAnnnYca@aM_
                                                                                          • API String ID: 0-3995523097
                                                                                          • Opcode ID: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
                                                                                          • Instruction ID: 03f3f580957dd8d98fe766c3b08c4ea85ac32c8ace33bb22cf726ef2f4b4dfae
                                                                                          • Opcode Fuzzy Hash: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
                                                                                          • Instruction Fuzzy Hash: 51A12CB1A4021A9FDB24DF54DC95FEEB775BF88304F1082E8E50967281DB31AA80CF91
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050F080 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 129fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,3D2007F9), ref: 0050F10D
                                                                                          • CreateFileW.KERNEL32(00000000,001F01FF,00000000,00000000,00000003,00000000,00000000,?,?,3D2007F9), ref: 0050F134
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Fileclock$AllocatorAttributesCreateDebugHeap
                                                                                          • String ID: CMCEData::FlushToDisk()$Couldn't open a file to flush MCE data to disk: %s$_mAnnnYca@aM_$h-Z
                                                                                          • API String ID: 3526691834-3819927071
                                                                                          • Opcode ID: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
                                                                                          • Instruction ID: 3fd365fe576ff881e40a2fa1f18d14bb5eaede2e8814e90bc3ea97a76a5821e3
                                                                                          • Opcode Fuzzy Hash: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
                                                                                          • Instruction Fuzzy Hash: 62517C70E44318ABEB24DB64DC46BEAB774FB94700F0082ADE619672C1DF792A84CF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042BA50 Relevance: 19.4, APIs: 6, Strings: 5, Instructions: 103memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042BAB7
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042BAF5
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,00546A44,data\images\maindlg\,?,?,00000000,3D2007F9), ref: 0042BB18
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042BB5A
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042BB73
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,data\images\iconList\Donwload more.png,?,?,?,?,data\images\maindlg\,?,?,00000000,3D2007F9), ref: 0042BB8C
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$DjT$data\images\iconList\Donwload more.png$data\images\maindlg\$hjT
                                                                                          • API String ID: 1315443971-1426787027
                                                                                          • Opcode ID: 63ff877031657792db247d9a936a25ea399475a3bfdccea501df931526568704
                                                                                          • Instruction ID: 9aea64ed7329b3882cf6f170faa9af34085fd95f1563ba52fd8e2e7100a3fcc6
                                                                                          • Opcode Fuzzy Hash: 63ff877031657792db247d9a936a25ea399475a3bfdccea501df931526568704
                                                                                          • Instruction Fuzzy Hash: 92412F71D00248DBCB04EFA5D946BDDBBB4FF19308F10456EE00177281DB786A04CBA9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00423AA0 Relevance: 18.2, APIs: 12, Instructions: 179windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCursorInfo.USER32(00000014), ref: 00423AC4
                                                                                          • ScreenToClient.USER32 ref: 00423AD8
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetSystemMetrics.USER32 ref: 00423B06
                                                                                            • Part of subcall function 00425710: PtInRect.USER32(?,?,j:B), ref: 00425723
                                                                                            • Part of subcall function 004256C0: ClientToScreen.USER32(?,?), ref: 004256D1
                                                                                            • Part of subcall function 0040F0F0: SendMessageW.USER32(-0000012F,00000147,00000000,00000000), ref: 0040F106
                                                                                          • GetDC.USER32(?), ref: 00423BA1
                                                                                          • wcslen.MSVCR80 ref: 00423BBB
                                                                                          • GetTextExtentPoint32W.GDI32(?,?,00000000), ref: 00423BD3
                                                                                          • ReleaseDC.USER32 ref: 00423BEA
                                                                                          • GetSysColor.USER32(00000008), ref: 00423C1B
                                                                                          • GetSysColor.USER32(00000005), ref: 00423C29
                                                                                          • GetFocus.USER32 ref: 00423C35
                                                                                          • GetSysColor.USER32(0000000E), ref: 00423C5D
                                                                                          • GetSysColor.USER32(0000000D), ref: 00423C6B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Color$Client$RectScreen$CursorExtentFocusInfoMessageMetricsPoint32ReleaseSendSystemTextwcslen
                                                                                          • String ID:
                                                                                          • API String ID: 519587954-0
                                                                                          • Opcode ID: 68b8d88c38b866ff486e018222d65e7177b0f41f6485d8fbd56d5fb62895d0cc
                                                                                          • Instruction ID: f22ce369a6aeaae062fb2a03bc0b823762dbe8249e9956e86251b05f68baaa2a
                                                                                          • Opcode Fuzzy Hash: 68b8d88c38b866ff486e018222d65e7177b0f41f6485d8fbd56d5fb62895d0cc
                                                                                          • Instruction Fuzzy Hash: E6711A71A00528DBDB54DB59DC94BADB3B5FF88309F00819EE64AB7241DF346A84CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041D3A0 Relevance: 18.2, APIs: 12, Instructions: 178COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,3D2007F9,3D2007F9,3D2007F9), ref: 0041D427
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,3D2007F9,3D2007F9,3D2007F9), ref: 0041D453
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0041D478
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0041D48C
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0041D4B3
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0041D4DE
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0041D506
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0041D532
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D557
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D56B
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D592
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D5BD
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Height@$ClientRect
                                                                                          • String ID:
                                                                                          • API String ID: 800822957-0
                                                                                          • Opcode ID: 48e4cdac09fd2584f099d7bad379a9fdd4af48967efff26b200e1ab649f63517
                                                                                          • Instruction ID: 8b69319c21aec3ddee00cb00959702adc85bce415fb2168130725632d218664d
                                                                                          • Opcode Fuzzy Hash: 48e4cdac09fd2584f099d7bad379a9fdd4af48967efff26b200e1ab649f63517
                                                                                          • Instruction Fuzzy Hash: C671B3B5D002099FDB18EFA8D991BEEBBB5AF48304F20412EE515B7381DB342A45CF65
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00427CE0 Relevance: 18.2, APIs: 12, Instructions: 178COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,3D2007F9,3D2007F9,3D2007F9), ref: 00427D67
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,3D2007F9,3D2007F9,3D2007F9), ref: 00427D93
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 00427DB8
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 00427DCC
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 00427DF3
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 00427E1E
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 00427E46
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 00427E72
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 00427E97
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 00427EAB
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 00427ED2
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 00427EFD
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Height@$ClientRect
                                                                                          • String ID:
                                                                                          • API String ID: 800822957-0
                                                                                          • Opcode ID: b6bd07cf01ba62e802b571f8d655c4568c2d39ddbd4dbbe1bfe9d56e21751566
                                                                                          • Instruction ID: f6ed9efe224d68a9b909b935de08ee5f304caa566089b697421f12c23d6e5aa7
                                                                                          • Opcode Fuzzy Hash: b6bd07cf01ba62e802b571f8d655c4568c2d39ddbd4dbbe1bfe9d56e21751566
                                                                                          • Instruction Fuzzy Hash: F171D5B4E042099FDB18EFA8D991BEDBBB5AF48314F20412DE515B7381DB342A41CF65
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00406B70 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 325stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetClassNameW.USER32 ref: 00406BCD
                                                                                          • lstrcmpiW.KERNEL32(00000000,static), ref: 00406BE4
                                                                                            • Part of subcall function 00407320: GetWindowLongW.USER32(-00000004,000000F0), ref: 00407331
                                                                                            • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 00406C72
                                                                                          • GetStockObject.GDI32(0000000D), ref: 00406CC9
                                                                                          • memset.MSVCR80 ref: 00406D0D
                                                                                          • CreateFontIndirectW.GDI32(00000000), ref: 00406D7E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: LongWindow$ClassCreateCursorFontIndirectLoadNameObjectStocklstrcmpimemset
                                                                                          • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static
                                                                                          • API String ID: 537339791-2739629574
                                                                                          • Opcode ID: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
                                                                                          • Instruction ID: 199e44e7be4628ee2e688c610ba56af09b0a08d7a3a9a70c30624c5daa12086b
                                                                                          • Opcode Fuzzy Hash: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
                                                                                          • Instruction Fuzzy Hash: 45E14970A042689FDB64DB65CC49BAEB7B1AF04304F1042EAE54A772D2DB346EC4CF59
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AAFD0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 254COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                                          • String ID: CEffectStack::SelectEffect$Effect pointer is NULL.$No such effect found in stack$AN
                                                                                          • API String ID: 2739697835-3664681806
                                                                                          • Opcode ID: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
                                                                                          • Instruction ID: 60628f8e65fa033cdeac9a30f19292ee3b75e2ecbf0df95034a13fcf3e9652a5
                                                                                          • Opcode Fuzzy Hash: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
                                                                                          • Instruction Fuzzy Hash: FEB13A70E00208DFDB14DFA9C895BEEBBB5FF59314F10811EE415AB292DB786905CB98
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042BE80 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 150memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,3D2007F9,000000FF,?,004AB79D), ref: 0042F974
                                                                                            • Part of subcall function 0042EB50: _DebugHeapAllocator.LIBCPMTD ref: 0042EB72
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042BF6C
                                                                                            • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042BFA5
                                                                                            • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042BFD7
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C010
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C02C
                                                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042C069
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C079
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$DateFormat_invalid_parameter_noinfo
                                                                                          • String ID: Created by: $Creation date: $Name:
                                                                                          • API String ID: 553431348-3450390223
                                                                                          • Opcode ID: 4bfda6fdc8c21198e69a54fc5d2b9c39fa02466dd318dc752f6d55e0ead952cc
                                                                                          • Instruction ID: 5fc2a08bfe8f0e7e52b8d87671c27b870cbc3b2307980727d7fc78458b4ade09
                                                                                          • Opcode Fuzzy Hash: 4bfda6fdc8c21198e69a54fc5d2b9c39fa02466dd318dc752f6d55e0ead952cc
                                                                                          • Instruction Fuzzy Hash: 62610670A001199FCB14EF94C991BEEB7B5FF48314F1081ADE54AA7290DB34AE84CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005139F0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 149memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,3D2007F9), ref: 00513A57
                                                                                          • ~_Mpunct.LIBCPMTD ref: 00513AF1
                                                                                            • Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
                                                                                            • Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB
                                                                                          • ??2@YAPAXI@Z.MSVCR80 ref: 00513B1A
                                                                                          • ??0CxImage@@QAE@ABV0@_N11@Z.CXIMAGECRT(?,00000001,00000001,00000001,00000000,?,?,3D2007F9), ref: 00513B48
                                                                                          • ~_Mpunct.LIBCPMTD ref: 00513B85
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00513A74
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DF91
                                                                                            • Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DFAD
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00513BCC
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@$Mpunct$??2@DestroyDestroy@Frames@N11@V0@_
                                                                                          • String ID: %d.png$352x288$352x288
                                                                                          • API String ID: 1128305235-4221946874
                                                                                          • Opcode ID: 3d3a3092ae457ba20b6bf654cef30ca65db4711d383323e92277891cfebd2fe8
                                                                                          • Instruction ID: 81933645b3eb8f3328e915e61d60693adeebe1464ca0442654379e8e1d16d656
                                                                                          • Opcode Fuzzy Hash: 3d3a3092ae457ba20b6bf654cef30ca65db4711d383323e92277891cfebd2fe8
                                                                                          • Instruction Fuzzy Hash: F07116B0D01259DADB24EB64D899BEEBBB4BB04304F1086EDE419A72C1DB745F84CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004CBEE0 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 131memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CBF12
                                                                                          • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 004CBF84
                                                                                          • wcscpy.MSVCR80 ref: 004CBFE6
                                                                                          • wcscat.MSVCR80 ref: 004CBFFF
                                                                                          • ShellExecuteW.SHELL32(00000000,open,?,00000000,00000000,00000001), ref: 004CC01C
                                                                                          • ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 004CC03D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExecuteShell$AllocatorDebugHeapwcscatwcscpy
                                                                                          • String ID: http://$open$open$open
                                                                                          • API String ID: 870699083-1670671321
                                                                                          • Opcode ID: ca002179536dc295ec003df3fa1833f5eb4852044638ad20bcc7b1ec441cdc63
                                                                                          • Instruction ID: 3e8dcf70f3840dcb798b1756a431e5f9af286e242471ef2a0f0bf540bfb12af5
                                                                                          • Opcode Fuzzy Hash: ca002179536dc295ec003df3fa1833f5eb4852044638ad20bcc7b1ec441cdc63
                                                                                          • Instruction Fuzzy Hash: C541E870940219AADB14EB91DC93FFF77B4AB14705F40452EFA03E72C1DB785A48CA95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005047C0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,3D2007F9,?,?,?,00000000,00538D49,000000FF,?,0050405E,?), ref: 005047EA
                                                                                          • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504804
                                                                                          • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(00538D49,?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504814
                                                                                          • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504898
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                                          • String ID: ^@P$bad cast
                                                                                          • API String ID: 2261832285-3230263104
                                                                                          • Opcode ID: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
                                                                                          • Instruction ID: 824bbbae0ea1dedba38b35fd60e665a14d2ea96d15b6e9388a122e9d75c37290
                                                                                          • Opcode Fuzzy Hash: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
                                                                                          • Instruction Fuzzy Hash: 4631F9B4D04209DFDB08DFA5E845AAEBBB5FF58310F108A2AE922A33D0DB745905DF50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00499B60 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,3D2007F9,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499B8A
                                                                                          • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BA5
                                                                                          • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(?,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BB5
                                                                                          • ??1_Lockit@std@@QAE@XZ.MSVCP80(?,?,00495099), ref: 00499C3A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                                          • String ID: bad cast
                                                                                          • API String ID: 2261832285-3145022300
                                                                                          • Opcode ID: e8d9317ff7b667e4345a0d9ab4755c0ed9f6fbdd2f1abd810e1704a9855df511
                                                                                          • Instruction ID: ac16ab481d142800d0c9b8599a912b67046f6ada141286fa39e373667d809841
                                                                                          • Opcode Fuzzy Hash: e8d9317ff7b667e4345a0d9ab4755c0ed9f6fbdd2f1abd810e1704a9855df511
                                                                                          • Instruction Fuzzy Hash: 9A31FDB4D04219DFDF04DF98EC44AAEBBB5FB58310F10862AE922A33A0D7785905DF55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00403D80 Relevance: 16.9, APIs: 11, Instructions: 407COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image$Ipow
                                                                                          • String ID:
                                                                                          • API String ID: 2361920412-0
                                                                                          • Opcode ID: ae5365c12a2100a1903be52b5529a37c0f6dfca9bd181234086edb2fe99e62fb
                                                                                          • Instruction ID: 2a68433d30ada8fa05db26af022ad57aeecc5f41bf496e9e98d865bd8f4dde78
                                                                                          • Opcode Fuzzy Hash: ae5365c12a2100a1903be52b5529a37c0f6dfca9bd181234086edb2fe99e62fb
                                                                                          • Instruction Fuzzy Hash: 180255B0608301CFC314DF29D585A5ABBF1FF88304F11899DE9999B2A6D731E865CF86
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00421CF0 Relevance: 16.8, APIs: 11, Instructions: 266windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetWindowDC.USER32(?,3D2007F9), ref: 00421D28
                                                                                          • memset.MSVCR80 ref: 00421D39
                                                                                          • SendMessageW.USER32(?,0000104B,00000000,0000000A), ref: 00421D6A
                                                                                          • GetFocus.USER32(00000000,?,?,?,?), ref: 00421DBA
                                                                                          • FillRect.USER32 ref: 00421DFA
                                                                                          • FillRect.USER32 ref: 00421E4F
                                                                                          • FillRect.USER32 ref: 00421EA1
                                                                                          • FillRect.USER32 ref: 00421F01
                                                                                            • Part of subcall function 00418B80: CreateSolidBrush.GDI32(3D2007F9), ref: 00418B8B
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          • FillRect.USER32 ref: 00421F86
                                                                                          • FillRect.USER32 ref: 00421FE4
                                                                                          • FillRect.USER32 ref: 00422050
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: FillRect$BrushCreateFocusMessageSendSolidWindowmemset
                                                                                          • String ID:
                                                                                          • API String ID: 3296630587-0
                                                                                          • Opcode ID: bd8db1096d9cabbb8c9f779fe1f9d4af00673308db442fb5e711c755f01d8847
                                                                                          • Instruction ID: 1f0a01801004120218575c110c1400e9efd9d02beb715d72da90ce3cbae75a6f
                                                                                          • Opcode Fuzzy Hash: bd8db1096d9cabbb8c9f779fe1f9d4af00673308db442fb5e711c755f01d8847
                                                                                          • Instruction Fuzzy Hash: EAB126B0A042189FCB04EFE9CD91BDEBB74BF54308F10815EE106AB295DF346A85CB44
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004087B0 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 464memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetSystemMetrics.USER32 ref: 004087E6
                                                                                            • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                                            • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                            • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                                            • Part of subcall function 00406670: GetWindowRect.USER32 ref: 004066C0
                                                                                            • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                            • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                            • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                                            • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                            • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                          • MoveWindow.USER32(00000000,?,00000485,00000015,0000002D,00000052,00000017,00000000,00000117,000000C6,000000AF,00000017,00000001,00000000,?,0000048A), ref: 00408C6C
                                                                                          • MoveWindow.USER32(00000000,?,0000048B,0000011C,00000104,00000058,00000017,00000000), ref: 00408CA4
                                                                                          • MoveWindow.USER32(00000000,?,0000048C,0000017A,00000104,00000058,00000017,00000000), ref: 00408CDC
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00408D50
                                                                                          • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00408DF3
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00408E57
                                                                                          Strings
                                                                                          • \ManyCam\TempBackgroundPreview, xrefs: 00408853
                                                                                          • http://manycam.com/help/effects, xrefs: 00408A61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$AllocatorDebugHeapMove$ParentSystem$Base::Concurrency::details::Concurrency::task_options::get_schedulerFileFindFirstFolderInfoLongMetricsParametersPathPolicyRectSchedulerSpecial_wmkdir
                                                                                          • String ID: \ManyCam\TempBackgroundPreview$http://manycam.com/help/effects
                                                                                          • API String ID: 802195438-2992585156
                                                                                          • Opcode ID: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
                                                                                          • Instruction ID: 373e2faf4f294b9354e902988eb878b0a96774ffebd8d1961b2fcec7c08dd6c9
                                                                                          • Opcode Fuzzy Hash: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
                                                                                          • Instruction Fuzzy Hash: 11121F70A041189BEB24EB55CD91BED7775AF44308F0044EEA20E7B2C2DE796E94CF69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004099E0 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 433memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCR80 ref: 00409A4E
                                                                                            • Part of subcall function 0040F0F0: SendMessageW.USER32(-0000012F,00000147,00000000,00000000), ref: 0040F106
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00409AD9
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00409B1D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorBase::Concurrency::details::DebugHeapMessagePolicySchedulerSendmemset
                                                                                          • String ID: New category...$mce
                                                                                          • API String ID: 1679045135-800315401
                                                                                          • Opcode ID: 84cff37b60f26b6a8f6ffd572ec932ad64bfde54e516b5dd0315aff2655b6aaf
                                                                                          • Instruction ID: f62fc7b589a48f9eaf1a8544f81ff00b290309f3dd4f0067dcca3c15644f716f
                                                                                          • Opcode Fuzzy Hash: 84cff37b60f26b6a8f6ffd572ec932ad64bfde54e516b5dd0315aff2655b6aaf
                                                                                          • Instruction Fuzzy Hash: B5121D719012199BCB24EB65CC99BAEB7B5AF44304F1041EEE10AB72D1DB386F84CF59
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004D1350 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 253COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • GetTickCount.KERNEL32 ref: 004D1414
                                                                                          • GetTickCount.KERNEL32 ref: 004D1444
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D14CE
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • Playback mode is now %s., xrefs: 004D165E
                                                                                          • CPlayList::SetPlaybackMode (%s), xrefs: 004D1387
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CountTickclock$AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugHeap
                                                                                          • String ID: CPlayList::SetPlaybackMode (%s)$Playback mode is now %s.
                                                                                          • API String ID: 1115989059-4040813284
                                                                                          • Opcode ID: 263e4469555b9ead60d827bbea961355ac1bf97b033ce6d991a803799773ecf7
                                                                                          • Instruction ID: 9d0510614a657932bc22ac5f2c18324a99722429085df9436aa323c14c0834bd
                                                                                          • Opcode Fuzzy Hash: 263e4469555b9ead60d827bbea961355ac1bf97b033ce6d991a803799773ecf7
                                                                                          • Instruction Fuzzy Hash: 66B14CB0E04218EFDB04DFD8C8A5BAEBBB1BF44308F10815EE8066B395DB789945CB55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004FDD50 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 208COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004FDD7B
                                                                                          • CreateCompatibleDC.GDI32(?), ref: 004FDD88
                                                                                          • DeleteDC.GDI32(?), ref: 004FDD95
                                                                                          • SelectObject.GDI32(?,?), ref: 004FDDB5
                                                                                          • SetTextColor.GDI32(?,00FFFFFF), ref: 004FDDC4
                                                                                          • SetBkMode.GDI32(?,00000001), ref: 004FDDD0
                                                                                          • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 004FDDF0
                                                                                          • DeleteDC.GDI32(?), ref: 004FDFE5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateDeleteText$ColorCompatibleExtentModeObjectPoint32Select
                                                                                          • String ID: DISPLAY
                                                                                          • API String ID: 3855463398-865373369
                                                                                          • Opcode ID: a17c048ec258222c9a86cc67a859632730d6d2e845b0f01fbc17398debbc4801
                                                                                          • Instruction ID: d95d168641b09fe78f52c418a5697b693f5132f5c2859f4ac5e458e3bdc62c5a
                                                                                          • Opcode Fuzzy Hash: a17c048ec258222c9a86cc67a859632730d6d2e845b0f01fbc17398debbc4801
                                                                                          • Instruction Fuzzy Hash: AE913270E01219EFDB04CF94E988AEEBBB2FF98300F214295E5567B295C33459A2CF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C210 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 156memoryfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,3D2007F9,000000FF,?,004AB79D), ref: 0042F974
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • GetActiveWindow.USER32 ref: 0042C327
                                                                                            • Part of subcall function 00413FB0: ??2@YAPAXI@Z.MSVCR80 ref: 00413FD7
                                                                                            • Part of subcall function 00413FB0: Concurrency::details::GlobalCore::TopologyObject::TopologyObject.LIBCMTD ref: 00413FF6
                                                                                            • Part of subcall function 004CB2C0: _DebugHeapAllocator.LIBCPMTD ref: 004CB2DC
                                                                                          • CopyFileW.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0042C370
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • wcslen.MSVCR80 ref: 0042C413
                                                                                            • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C457
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0AE
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0CB
                                                                                            • Part of subcall function 004CC090: wcscpy.MSVCR80 ref: 004CC0DF
                                                                                            • Part of subcall function 004CC090: wcscat.MSVCR80 ref: 004CC0F8
                                                                                            • Part of subcall function 004CC090: CreateProcessW.KERNEL32 ref: 004CC124
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Topologymemset$??2@ActiveConcurrency::details::CopyCore::CreateFileGlobalObjectObject::ProcessWindow_invalid_parameter_noinfowcscatwcscpywcslen
                                                                                          • String ID: .mce$Do you want to open the folder where you saved the effect?$Effect file (*.mce)$ManyCam Virtual Webcam$mce
                                                                                          • API String ID: 4229144189-31463061
                                                                                          • Opcode ID: c8ce9ba4c6ac3e6fa5cccc0376bda836f198ede4cd0e84537055311324007d24
                                                                                          • Instruction ID: 755dc5116854decbce9ee1598fe2735ff65fd65bd7c172bae2ad841472dafe18
                                                                                          • Opcode Fuzzy Hash: c8ce9ba4c6ac3e6fa5cccc0376bda836f198ede4cd0e84537055311324007d24
                                                                                          • Instruction Fuzzy Hash: 387158B1D005289EDB24EB64DC95BEFBBB4AF49309F0041EEE509A7281DB345E88CF55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050E050 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 116memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050E09D
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050E0C5
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                                          • ??0CxImage@@QAE@PAEKK@Z.CXIMAGECRT(&<Q,?,00000000,?,?,?,&<Q), ref: 0050E12E
                                                                                          • ?Encode2RGBA@CxImage@@QAE_NAAPAEAAJ_N@Z.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E155
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E160
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E16C
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 0050E1B7
                                                                                          • ~_Mpunct.LIBCPMTD ref: 0050E1D3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapImage@@$??3@Encode2Height@MpunctWidth@
                                                                                          • String ID: &<Q
                                                                                          • API String ID: 2867035028-2887711709
                                                                                          • Opcode ID: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
                                                                                          • Instruction ID: 4fa1d1e2ea6a526748637154a1db03ed3227427cf2602f353b57d12039db24cc
                                                                                          • Opcode Fuzzy Hash: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
                                                                                          • Instruction Fuzzy Hash: 175137B1D00259AFDB14EF54CC46BEEBBB8AF54304F1082ADE519A7281DB746B84CF90
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004197E0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 80memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041987F
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004198BD
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0000047D,00000046,0053E730,data\images\backgroundControl\background\,00000046,?,?,3D2007F9,?,0000047D,00000023,00000046), ref: 004198E0
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$0S$LS$`S$data\images\backgroundControl\background\$S
                                                                                          • API String ID: 1315443971-3997788365
                                                                                          • Opcode ID: 02809580c12525f98958325a7bfa43803c747b7b9b7e3c1d56384f9c16ba48a1
                                                                                          • Instruction ID: c255484564948487ca09c12a6e8e79ec8d091f34d803f33d82e763e2732db065
                                                                                          • Opcode Fuzzy Hash: 02809580c12525f98958325a7bfa43803c747b7b9b7e3c1d56384f9c16ba48a1
                                                                                          • Instruction Fuzzy Hash: B13114B1D11288EBDB08EF95D886BDEBBF4FB05308F10452EE4117B281DB741949CB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041FDA0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 77memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041FE2A
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041FE68
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,005429BC,data\images\maindlg\,?,?,?,3D2007F9), ref: 0041FE8B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$0*T$P*T$data\images\maindlg\$t*T$)T
                                                                                          • API String ID: 1315443971-2295826820
                                                                                          • Opcode ID: b28412237c5bc7e99220c79d57fe91d3a5a16ad0d12286994cfe2e3a1bceef49
                                                                                          • Instruction ID: f5b459e8cabe00e602950f671fa5acb7728e02973b21c567d8fe0f45fcb8015d
                                                                                          • Opcode Fuzzy Hash: b28412237c5bc7e99220c79d57fe91d3a5a16ad0d12286994cfe2e3a1bceef49
                                                                                          • Instruction Fuzzy Hash: 353137B1D01258ABCB18DF95E985BDDBBB4FF04308F50452EF41677281CBB81A09CB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00504470 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,3D2007F9,?,00538D19,000000FF,?,005028F6,?,?,00000000,00000001), ref: 0050449A
                                                                                          • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,005028F6,?,?,00000000), ref: 005044B4
                                                                                          • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(005028F6,?,005028F6,?,?,00000000), ref: 005044C4
                                                                                          • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504548
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                                          • String ID: bad cast
                                                                                          • API String ID: 2261832285-3145022300
                                                                                          • Opcode ID: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                                          • Instruction ID: daf008f5657916d2d0eedf94b6e793cb89aacae9b3ddac5973414a6306a2ac1a
                                                                                          • Opcode Fuzzy Hash: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                                          • Instruction Fuzzy Hash: CE31F7B5D04209DFDB18DFA4EC45AAEBBB4FB58310F10862AE922A33D0DB745945DF50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005005B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 64COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCR80 ref: 005005BE
                                                                                          • GetDC.USER32(00000000), ref: 005005E7
                                                                                          • CreateCompatibleDC.GDI32(?), ref: 005005F4
                                                                                          • CreateDIBSection.GDI32(?,00000028,00000000,004FFD12,00000000,00000000), ref: 00500611
                                                                                          • SelectObject.GDI32(?,?), ref: 00500624
                                                                                          • CreateSolidBrush.GDI32(00646464), ref: 0050062F
                                                                                          • FillRect.USER32 ref: 00500660
                                                                                          • DeleteObject.GDI32(?), ref: 0050066A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create$Object$BrushCompatibleDeleteFillRectSectionSelectSolidmemset
                                                                                          • String ID: (
                                                                                          • API String ID: 350534114-3887548279
                                                                                          • Opcode ID: 3e1382d06632c1444c66c9e23b0b1d57039686e8e7ec12f8ecdf2cdf2c9d43f5
                                                                                          • Instruction ID: 6b77fbc94f0777f5953b629b7868787099419c0b5001c060241ffebfa8b2f360
                                                                                          • Opcode Fuzzy Hash: 3e1382d06632c1444c66c9e23b0b1d57039686e8e7ec12f8ecdf2cdf2c9d43f5
                                                                                          • Instruction Fuzzy Hash: FE21E9B5900308EFDB04DF94D888B9EBBB5FF88301F108119FA05A7390D7759A09DB61
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402680 Relevance: 15.4, APIs: 10, Instructions: 409COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvSet.CXCORE099(?,?,?,?,?,?,00000000), ref: 004026F7
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402755
                                                                                          • _CIsqrt.MSVCR80 ref: 004027F6
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402852
                                                                                          • cvSet2D.CXCORE099(?,?,?), ref: 004028DB
                                                                                          • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402925
                                                                                          • cvSet2D.CXCORE099(?,?,?), ref: 0040299E
                                                                                          • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402A4D
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402ADA
                                                                                          • cvLine.CXCORE099(?,?,?,?,?), ref: 00402B4D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Set2$IsqrtLine
                                                                                          • String ID:
                                                                                          • API String ID: 2296038289-0
                                                                                          • Opcode ID: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                                          • Instruction ID: 98af563dca7e08dae4733c818569099b16958337ef14baff457f1a71e3476642
                                                                                          • Opcode Fuzzy Hash: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                                          • Instruction Fuzzy Hash: C8F16CB1A05601DFC305AF60D589A6ABFF0FF84740F614D88E4D5262A9E731D8B5CF86
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004057D0 Relevance: 15.1, APIs: 10, Instructions: 88COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810
                                                                                            • Part of subcall function 004053A0: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405829), ref: 004053C2
                                                                                            • Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
                                                                                            • Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4
                                                                                            • Part of subcall function 004055D0: cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
                                                                                            • Part of subcall function 004055D0: cvSet.CXCORE099(?), ref: 00405662
                                                                                            • Part of subcall function 004055D0: _CIcos.MSVCR80 ref: 004056A5
                                                                                            • Part of subcall function 004055D0: _CIsin.MSVCR80 ref: 004056BA
                                                                                            • Part of subcall function 00405740: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405847), ref: 00405762
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 0040586A
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00405895
                                                                                          • cvReleaseMat.CXCORE099(?), ref: 004058A2
                                                                                          • cvReleaseMat.CXCORE099(?), ref: 004058AF
                                                                                          • cvReleaseMat.CXCORE099(?), ref: 004058BC
                                                                                          • cvReleaseMat.CXCORE099(?), ref: 004058C9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create$Release$IcosIsin
                                                                                          • String ID:
                                                                                          • API String ID: 2101255812-0
                                                                                          • Opcode ID: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
                                                                                          • Instruction ID: 0f02d04bed9878b01ec6eb7d24bee74ec2e50252446297c38aea4db588333580
                                                                                          • Opcode Fuzzy Hash: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
                                                                                          • Instruction Fuzzy Hash: E5215CB0A05702ABD610FB649C4BB1BBBA0AFC4704F444D2CFA94662C1EA71D528CB97
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004888F0 Relevance: 15.1, APIs: 10, Instructions: 73COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(3D2007F9,?,?,?,?,?,?,00530C89,000000FF), ref: 00488924
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488936
                                                                                          • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488941
                                                                                          • ?capacity@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488952
                                                                                          • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 0048895D
                                                                                          • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 0048897B
                                                                                          • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z.MSVCP80(?,?,?,?,?,00530C89,000000FF), ref: 00488998
                                                                                          • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 004889A8
                                                                                          • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 004889B7
                                                                                          • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,?,?,?,?,00530C89,000000FF), ref: 004889C6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?append@?$basic_string@_V12@$?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@$??0?$basic_string@_??1?$basic_string@_?capacity@?$basic_string@_V12@@
                                                                                          • String ID:
                                                                                          • API String ID: 2582929383-0
                                                                                          • Opcode ID: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                                          • Instruction ID: cf8cf326054b3b9829f24e0287d30cae8bbcd3a7b8d77b238681494193127ac1
                                                                                          • Opcode Fuzzy Hash: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                                          • Instruction Fuzzy Hash: 62316F75900118EFDB04EF64D844AADBBB6FF98350F00852AF91697390DB349D45CF84
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00426830 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 282COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                                            • Part of subcall function 0041AA10: SendMessageW.USER32(?,000000F1,?,00000000), ref: 0041AA28
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426AE5
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426B0B
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426B31
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426BA2
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426BC8
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426BEE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: EnableWindow$AllocatorBase::Concurrency::details::DebugHeapItemMessagePolicySchedulerSend
                                                                                          • String ID: Date & Time$Date & Time
                                                                                          • API String ID: 619755922-1824290
                                                                                          • Opcode ID: a5128ecf2bfc12e82fa0dba930c93669bde01c1fa38846d0eea276c6fef756bf
                                                                                          • Instruction ID: 7e53ba8ca3602d55db941a0292c8f540ac9753e8b76add4a113b5e3c50ff2c41
                                                                                          • Opcode Fuzzy Hash: a5128ecf2bfc12e82fa0dba930c93669bde01c1fa38846d0eea276c6fef756bf
                                                                                          • Instruction Fuzzy Hash: 78B12CB0E002199FDF08EFE5DD56AAEB7B5EF44308F40452EE202B7281DB785A54CB59
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004013A0 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 261COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCvtColor.CV099(?,?,00000007), ref: 0040147C
                                                                                          • cvError.CXCORE099(000000FB,cvCylInitModel,Invalid input frame.,.\src\cyltracker.cpp,00000126), ref: 00401675
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ColorError
                                                                                          • String ID: .\src\cyltracker.cpp$Invalid input frame.$Invalid model parameters were specified.$Null pointer to tracker context.$cvCylInitModel
                                                                                          • API String ID: 4088650746-2904168572
                                                                                          • Opcode ID: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
                                                                                          • Instruction ID: 1c253823393e59d8f389e9ec3cb6c3af1bef9396372c058acdeb4534553bb085
                                                                                          • Opcode Fuzzy Hash: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
                                                                                          • Instruction Fuzzy Hash: 0D81E5B2F04202ABC7027E50D9457DA7BA4FB80794F214E99E9DA711F5F33588718EC9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004F1030 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 220COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: fseek$ftell
                                                                                          • String ID: zS
                                                                                          • API String ID: 1687442226-3280143790
                                                                                          • Opcode ID: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
                                                                                          • Instruction ID: d51d2314559d3de73f7ebb59d383f0640d42414dd441d265d43309b2b2205bb6
                                                                                          • Opcode Fuzzy Hash: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
                                                                                          • Instruction Fuzzy Hash: 409126B1E00249ABDB04DFD4DC92BFFBB71BF44300F10455AE611AB291DB796901CB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004D1BE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 215COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D02
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D45
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • CPlayList::ActivatePlayList (%s), xrefs: 004D1C12
                                                                                          • Couldn't activate item., xrefs: 004D1E4F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceclock$AllocatorDebugHeap
                                                                                          • String ID: CPlayList::ActivatePlayList (%s)$Couldn't activate item.
                                                                                          • API String ID: 666216686-3135489573
                                                                                          • Opcode ID: 86a6ea1d549f1e14cb2df91f30b70f8bdc6fa07100872fae78ce2dc3a5dbc7fd
                                                                                          • Instruction ID: e5225bd3be3d0e3e30ba9f0653f38cf39164d32131126bfff1481db119ea4a1f
                                                                                          • Opcode Fuzzy Hash: 86a6ea1d549f1e14cb2df91f30b70f8bdc6fa07100872fae78ce2dc3a5dbc7fd
                                                                                          • Instruction Fuzzy Hash: 02A1E770D00208DFDB14DFA9C995BEDBBB1BF09318F20815EE4196B392DB786A45CB94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C9500 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 211COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004AD340: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AD389
                                                                                          • wcscpy.MSVCR80 ref: 004C9586
                                                                                          • wcscpy.MSVCR80 ref: 004C960C
                                                                                          • _Smanip.LIBCPMTD ref: 004C9650
                                                                                          • _Smanip.LIBCPMTD ref: 004C969B
                                                                                          • fabs.MSVCR80 ref: 004C9759
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Smanipwcscpy$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_fabs
                                                                                          • String ID: ManyCam Options$ManyCam Video Driver
                                                                                          • API String ID: 3043553602-2679671152
                                                                                          • Opcode ID: d8f914545a6770cd3ec1de607a9825b7542528df8afbb8bee092f4a7228edef5
                                                                                          • Instruction ID: 1960ef59aa6a2aae985edd86a644215036cafca125c540dc4a2acd471f05383e
                                                                                          • Opcode Fuzzy Hash: d8f914545a6770cd3ec1de607a9825b7542528df8afbb8bee092f4a7228edef5
                                                                                          • Instruction Fuzzy Hash: 65A14275900118DBCB54EF94DD99BEEB7B4BB48304F1081EEE00A67291DB391E98CF68
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B2740 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 210memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CoTaskMemFree.OLE32(00000000,00000000), ref: 004B2816
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B280A
                                                                                            • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B284D
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B287B
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B2926
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B2938
                                                                                          Strings
                                                                                          • ConnectionMediaType:, xrefs: 004B29CD
                                                                                          • - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s), xrefs: 004B29AF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$FreeTask
                                                                                          • String ID: - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s)$ConnectionMediaType:
                                                                                          • API String ID: 2977454536-3767152877
                                                                                          • Opcode ID: 7365bd653b06ff7014c07b105e705209bc8ea7cbefe77dba3365ebff6c9963ec
                                                                                          • Instruction ID: 9de56078743278097fdae2ef512013b449c6826a7b1472736913757348bad0bc
                                                                                          • Opcode Fuzzy Hash: 7365bd653b06ff7014c07b105e705209bc8ea7cbefe77dba3365ebff6c9963ec
                                                                                          • Instruction Fuzzy Hash: 77A114719041189FCB29EB65CD84BDEB7B4AF49304F5081DAE00AA7291DB746F88CFA4
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B91B0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 152memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B91FE
                                                                                            • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B921B
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B9286
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B9292
                                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B9346
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B937C
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_clock
                                                                                          • String ID: CManyCamGraphMgr::AddFileInput$FILE%d
                                                                                          • API String ID: 2060279746-2550898069
                                                                                          • Opcode ID: 554f504c3c04030db831f41dac86bb6fd15d60918f1d20abac47e38e3ad480d2
                                                                                          • Instruction ID: f87271521a58759e14b5fc00be8376ac9ef0cf63084c1a11c79c4c9345c79b8d
                                                                                          • Opcode Fuzzy Hash: 554f504c3c04030db831f41dac86bb6fd15d60918f1d20abac47e38e3ad480d2
                                                                                          • Instruction Fuzzy Hash: 97616D70901248EFCB04EF95C995BDEBBB4BF14308F10856EF4166B2D2DB786A09CB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004055D0 Relevance: 13.6, APIs: 9, Instructions: 127COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4
                                                                                            • Part of subcall function 00405430: cvSet.CXCORE099(?,?,?,?,?,?,?,00000000,?,?,00405609,00000000,?,?,?,?), ref: 00405455
                                                                                            • Part of subcall function 00405430: _CIcos.MSVCR80 ref: 004054AB
                                                                                            • Part of subcall function 00405430: _CIsin.MSVCR80 ref: 004054C0
                                                                                            • Part of subcall function 00405430: _CIcos.MSVCR80 ref: 00405513
                                                                                            • Part of subcall function 00405430: _CIsin.MSVCR80 ref: 00405528
                                                                                          • cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
                                                                                          • cvSet.CXCORE099(?), ref: 00405662
                                                                                          • _CIcos.MSVCR80 ref: 004056A5
                                                                                          • _CIsin.MSVCR80 ref: 004056BA
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00405714
                                                                                          • cvReleaseMat.CXCORE099(?), ref: 00405721
                                                                                          • cvReleaseMat.CXCORE099(?), ref: 0040572E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: IcosIsin$CreateRelease
                                                                                          • String ID:
                                                                                          • API String ID: 2556766011-0
                                                                                          • Opcode ID: 19b278f26bd2affd4bf5088c6fcf34e39657aa1821ccb0a828da2a4a6fc568fd
                                                                                          • Instruction ID: f31050a243995d0c5443df83b4ae895e9b552899debfb7c8d2f859130b8e0e61
                                                                                          • Opcode Fuzzy Hash: 19b278f26bd2affd4bf5088c6fcf34e39657aa1821ccb0a828da2a4a6fc568fd
                                                                                          • Instruction Fuzzy Hash: 8F416AB0A05701DBD310EF24E98AA1ABBB0FF84704F814D98F5D557296DB31E839CB96
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004A7F40 Relevance: 13.6, APIs: 9, Instructions: 127COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Delete
                                                                                          • String ID:
                                                                                          • API String ID: 1035893169-0
                                                                                          • Opcode ID: 027381e0a8d9cc06f36ac8957b2692d02a27fb112fce139c5847b74b9e663b06
                                                                                          • Instruction ID: 84041e226b1c2fd87843b1158a64503d8b67fa0500779cb20a2bc36cc8881071
                                                                                          • Opcode Fuzzy Hash: 027381e0a8d9cc06f36ac8957b2692d02a27fb112fce139c5847b74b9e663b06
                                                                                          • Instruction Fuzzy Hash: 8D512FB0914209ABEB04EFA4CD56FEEBB74AF14314F20412AF511772D1DB786E44CB69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00403140 Relevance: 13.6, APIs: 9, Instructions: 124COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
                                                                                            • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
                                                                                            • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
                                                                                            • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
                                                                                            • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
                                                                                            • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22
                                                                                          • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
                                                                                          • cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
                                                                                          • cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
                                                                                          • cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 0040321A
                                                                                          • cvReleaseImage.CXCORE099(00000004,?,00000000,?,0040120F), ref: 0040322C
                                                                                          • cvReleaseImage.CXCORE099(-00000008,?,00000000,?,0040120F), ref: 0040323D
                                                                                          • cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403253
                                                                                          • cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 00403265
                                                                                          • cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403276
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image$Release$Create
                                                                                          • String ID:
                                                                                          • API String ID: 810653722-0
                                                                                          • Opcode ID: 1d98beb3a53aab4c12813adeeefc3e19331db0e6fab2847f039cf9fe8a11b982
                                                                                          • Instruction ID: 1a79d18011980f8bb9dda7d5d5bd7389d244d0d6aefedc31b6f3b3b2419f781a
                                                                                          • Opcode Fuzzy Hash: 1d98beb3a53aab4c12813adeeefc3e19331db0e6fab2847f039cf9fe8a11b982
                                                                                          • Instruction Fuzzy Hash: 0031FAB5901202ABEB109E24DC45B57BB9CFF55302F08447AE904A33C1F379FA59C6A6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004887A0 Relevance: 13.6, APIs: 9, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,3D2007F9,3D2007F9,?,?,00488794,3D2007F9,0049A100,0049A100), ref: 004887D9
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(3D2007F9,?,?,00488794,3D2007F9,0049A100,0049A100), ref: 004887E7
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488794,3D2007F9,0049A100,0049A100), ref: 004887F5
                                                                                          • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,00488794,3D2007F9,0049A100,0049A100), ref: 00488800
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488794,3D2007F9,0049A100,0049A100), ref: 00488819
                                                                                          • ?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z.MSVCP80(?,00000000,?,?,00488794,3D2007F9,0049A100,0049A100), ref: 0048882E
                                                                                          • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488794,3D2007F9,0049A100,0049A100), ref: 0048884B
                                                                                          • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,00488794,3D2007F9,0049A100,0049A100), ref: 0048885B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$V12@$??1?$basic_string@_??4?$basic_string@_?erase@?$basic_string@_?size@?$basic_string@?substr@?$basic_string@_D@2@@std@@D@std@@U?$char_traits@V01@V01@@V?$allocator@
                                                                                          • String ID:
                                                                                          • API String ID: 731949045-0
                                                                                          • Opcode ID: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
                                                                                          • Instruction ID: 4406f9edcf3e418624fedf0353d0674b6ffa21746b1b988d8d39eeb2d4d24482
                                                                                          • Opcode Fuzzy Hash: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
                                                                                          • Instruction Fuzzy Hash: 5C314D31900108EFDB04EF59E898A9DBBB6FB98350F40C52AF91A973A0DB30A944DF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B14B0 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 372COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • _Smanip.LIBCPMTD ref: 004B152C
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: clock$AllocatorDebugHeapSmanip
                                                                                          • String ID: CGraphMgr::AdjustCameraResolution (size=%dx%d)$vids
                                                                                          • API String ID: 3240802707-243107872
                                                                                          • Opcode ID: 0b9f26486d5ca748ff65b87eaf69692d820365cf5d3d260ad1582382175653d3
                                                                                          • Instruction ID: a989dfa4e85d0b56287cfe2e867778c486b3f31bfd173d30f9afd811cc483807
                                                                                          • Opcode Fuzzy Hash: 0b9f26486d5ca748ff65b87eaf69692d820365cf5d3d260ad1582382175653d3
                                                                                          • Instruction Fuzzy Hash: D7021671900218DFCB14DF69C991BEEBBB0BF48304F50819EE519A7291DB34AE85CFA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042A5B0 Relevance: 12.4, APIs: 1, Strings: 7, Instructions: 420COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                                            • Part of subcall function 0041A3B0: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                                            • Part of subcall function 0041DE10: ??_V@YAXPAX@Z.MSVCR80 ref: 0041DE55
                                                                                            • Part of subcall function 004065B0: SetWindowTextW.USER32(?,004062B3), ref: 004065C1
                                                                                            • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                                            • Part of subcall function 0041DE10: lstrlenW.KERNEL32(00000000,3D2007F9,?,?,?,0000001F,00000001,CameraDlg\btn_properties,00000000), ref: 0041DE94
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A79D
                                                                                          • memset.MSVCR80 ref: 0042AAEE
                                                                                            • Part of subcall function 0042AC80: _DebugHeapAllocator.LIBCPMTD ref: 0042ACE7
                                                                                            • Part of subcall function 0042AC80: _DebugHeapAllocator.LIBCPMTD ref: 0042AD25
                                                                                            • Part of subcall function 0042AC80: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,000000CC,00000001,00545BC0,data\images\maindlg\,00000001,?,00000000,3D2007F9,00000008,000000CC,0000003E,00000001), ref: 0042AD48
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@Window$ItemMoveTextlstrlenmemset
                                                                                          • String ID: Tahoma$drawEffectDlg\btn_clear$drawEffectDlg\btn_large$drawEffectDlg\btn_middle$drawEffectDlg\btn_save$drawEffectDlg\btn_save$drawEffectDlg\btn_small
                                                                                          • API String ID: 917308447-3436469711
                                                                                          • Opcode ID: 270378d4c1d5f14f44e424ebb91537222281f9fe44b533ecab9fbbdcf32d1889
                                                                                          • Instruction ID: 3e0206703fa91518360c9a9f613824172eee4b2edee5d94e2292119dbd36ceb1
                                                                                          • Opcode Fuzzy Hash: 270378d4c1d5f14f44e424ebb91537222281f9fe44b533ecab9fbbdcf32d1889
                                                                                          • Instruction Fuzzy Hash: 7CF12474B407146FEB28E795CD62FAD72659F85708F0400ADB3477E2C2DAF829948B1E
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C9210 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 169COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,3D2007F9), ref: 004C928B
                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,3D2007F9), ref: 004C93D8
                                                                                          • cvReleaseImage.CXCORE099(00000000,?,?,?,?,3D2007F9), ref: 004C93E8
                                                                                          Strings
                                                                                          • CManyCamModel::GetPosterFrame, xrefs: 004C923F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorCloseCreateDebugEventHandleHeapImageReleaseclock
                                                                                          • String ID: CManyCamModel::GetPosterFrame
                                                                                          • API String ID: 3295495820-604892226
                                                                                          • Opcode ID: 0fb0d1f75a3f7064816a10a7a659a458f82e48bfb0f7d40fede8694d07b98b13
                                                                                          • Instruction ID: b7f4d3075c697768d86108b177f770b28cc6e89c2576a85e707f138266713341
                                                                                          • Opcode Fuzzy Hash: 0fb0d1f75a3f7064816a10a7a659a458f82e48bfb0f7d40fede8694d07b98b13
                                                                                          • Instruction Fuzzy Hash: 81717C70D01208DFDB04EFE4C895BEEBBB4BF58304F20815DE505AB291DB786A45CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004278F0 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 139COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                          • MoveWindow.USER32(00000000,?,000000FF,00000171,00000017,00000049,0000000F,00000001), ref: 0042791F
                                                                                            • Part of subcall function 0041E080: SendMessageW.USER32(?,00000406,?,?), ref: 0041E0B3
                                                                                            • Part of subcall function 0041E0E0: SendMessageW.USER32(?,00000405,00000001,00000000), ref: 0041E0F8
                                                                                            • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                                            • Part of subcall function 0041A3B0: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                                            • Part of subcall function 0041DE10: ??_V@YAXPAX@Z.MSVCR80 ref: 0041DE55
                                                                                            • Part of subcall function 0041DE10: lstrlenW.KERNEL32(00000000,3D2007F9,?,?,?,0000001F,00000001,CameraDlg\btn_properties,00000000), ref: 0041DE94
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A79D
                                                                                            • Part of subcall function 00428400: _DebugHeapAllocator.LIBCPMTD ref: 0042847C
                                                                                            • Part of subcall function 00428400: _DebugHeapAllocator.LIBCPMTD ref: 004284BA
                                                                                            • Part of subcall function 00428400: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,000003EB,00000014,00544C8C,data\images\maindlg\,00000014,?,?,3D2007F9,?,000003EB,000001B0,00000014), ref: 004284DD
                                                                                          Strings
                                                                                          • DesktopDlg\btn_part_desktop, xrefs: 00427A08
                                                                                          • Capture entire desktop, xrefs: 004279B9
                                                                                          • DesktopDlg\btn_entire_desktop, xrefs: 004279A9
                                                                                          • Capture custom desktop area, xrefs: 00427A83
                                                                                          • DesktopDlg\btn_castom_desktop, xrefs: 00427A70
                                                                                          • Capture area around cursor, xrefs: 00427A1B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@MessageMoveSendWindow$Itemlstrlen
                                                                                          • String ID: Capture area around cursor$Capture custom desktop area$Capture entire desktop$DesktopDlg\btn_castom_desktop$DesktopDlg\btn_entire_desktop$DesktopDlg\btn_part_desktop
                                                                                          • API String ID: 1049898977-3779348435
                                                                                          • Opcode ID: 1e7c06f35e9c2f0a9c2c3837d1f33e3d4cef74c66798ad765f90d653820a21c3
                                                                                          • Instruction ID: e752f734671e8a8f8585cc71003ba79e14dc520feb418a2cc19da4b927b75113
                                                                                          • Opcode Fuzzy Hash: 1e7c06f35e9c2f0a9c2c3837d1f33e3d4cef74c66798ad765f90d653820a21c3
                                                                                          • Instruction Fuzzy Hash: A241E330B842056BEF18E7D5CCA3FFE76659F8470CF44051EB3077A2C2DAA965A0869D
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050E6A0 Relevance: 12.4, APIs: 8, Instructions: 361memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapmemset
                                                                                          • String ID:
                                                                                          • API String ID: 622753528-0
                                                                                          • Opcode ID: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
                                                                                          • Instruction ID: 15c03739bf2cff661cf5d104c6130bcee5a7d3e6e4c58e74d1621743953f5b5e
                                                                                          • Opcode Fuzzy Hash: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
                                                                                          • Instruction Fuzzy Hash: 81F17A719022199BDB28EB10CD9ABEEBBB4BF54304F1085E9E40A671D1DB745F88CF91
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004CB0F0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 97memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap
                                                                                          • String ID: |LV$ZP
                                                                                          • API String ID: 571936431-1538846667
                                                                                          • Opcode ID: 8217c67bd42f6a567db927a5321e70c2cba3473b1a658e23f040ac260a6cc460
                                                                                          • Instruction ID: 978cc442b74b90625ce9c3af39009df7ee77075ce9d9cefa9296828956acecd6
                                                                                          • Opcode Fuzzy Hash: 8217c67bd42f6a567db927a5321e70c2cba3473b1a658e23f040ac260a6cc460
                                                                                          • Instruction Fuzzy Hash: 27410AB1D05248EFCB04DFA8D991BDEBBF5BB48304F10815EF815A7281D778AA04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004FD940 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 86COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateFontIndirectmemset$DeleteObject
                                                                                          • String ID: Arial$Arial
                                                                                          • API String ID: 346542776-1763068633
                                                                                          • Opcode ID: c12b24dd9f2b9995e0df65b83cf3194b303dc9a1253823438070491bc9bd0b38
                                                                                          • Instruction ID: 75e1cabb217cce4dc965ee215482411260d72ac32ca7e1cfdb982b14341ac3fd
                                                                                          • Opcode Fuzzy Hash: c12b24dd9f2b9995e0df65b83cf3194b303dc9a1253823438070491bc9bd0b38
                                                                                          • Instruction Fuzzy Hash: A7415AB0D05398CFEB20CFA8D858B8DBBB0AB25304F0442D9D5496B3C1D7B55A88CF61
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00428400 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 75memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042847C
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004284BA
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,000003EB,00000014,00544C8C,data\images\maindlg\,00000014,?,?,3D2007F9,?,000003EB,000001B0,00000014), ref: 004284DD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: (MT$.png$TMT$data\images\maindlg\
                                                                                          • API String ID: 1315443971-3643503733
                                                                                          • Opcode ID: cbffbf393df03336253548ef9ff51fddc2804daf7bf0528a20e93201e72a3de5
                                                                                          • Instruction ID: f06250170feff65d0159650778f77ddb5d8cb4d0749f77b4883fa895b7a58ebd
                                                                                          • Opcode Fuzzy Hash: cbffbf393df03336253548ef9ff51fddc2804daf7bf0528a20e93201e72a3de5
                                                                                          • Instruction Fuzzy Hash: 98313AB1D05248EBCB04DF95E985BDDBBB4FF09318F14452EE01177281DB785A08CBA9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004825C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75librarywindowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 00482602
                                                                                          • GetWindowsDirectoryW.KERNEL32(00000000,00000104,00000104,?,0049A100,3D2007F9,?), ref: 00482644
                                                                                          • LoadLibraryW.KERNEL32(00000000,\winhlp32.exe,000000FF,?,0049A100,3D2007F9,?), ref: 0048266A
                                                                                          • LoadCursorW.USER32(00000000,0000006A), ref: 0048267F
                                                                                          • CopyIcon.USER32 ref: 00482692
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 004826A5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Load$CursorLibrary$CopyDirectoryFreeIconWindows
                                                                                          • String ID: \winhlp32.exe
                                                                                          • API String ID: 501009500-695620452
                                                                                          • Opcode ID: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                                          • Instruction ID: ec6d5bdbcb5f979a409084d156352cb5eef125df936233655878cf5ad0338882
                                                                                          • Opcode Fuzzy Hash: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                                          • Instruction Fuzzy Hash: 0D313A71D00208AFDB04EFA4E959BEDBBB5FB18314F50462AF916A72D0DB786948CB14
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004CC090 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 51processCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: memset$CreateProcesswcscatwcscpy
                                                                                          • String ID: D$explorer
                                                                                          • API String ID: 2548451390-59806483
                                                                                          • Opcode ID: 87fd29d6fdca06f79b8b93392fe1b8594b1ff79018bf0756e576e94cb8c1d6ac
                                                                                          • Instruction ID: 906bf29f722530e8e831fd4767c9bb697a1163fcdc31cec5d0d8c6568ad6c1cf
                                                                                          • Opcode Fuzzy Hash: 87fd29d6fdca06f79b8b93392fe1b8594b1ff79018bf0756e576e94cb8c1d6ac
                                                                                          • Instruction Fuzzy Hash: 0E019BB194021CABDB10DB60EC8AFED7738BF54700F440699F609961C1EB755B58CF55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042DC80 Relevance: 12.1, APIs: 2, Strings: 6, Instructions: 147COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??2@YAPAXI@Z.MSVCR80 ref: 0042DCB0
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,3D2007F9,000000FF,?,004AB79D), ref: 0042F974
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ??2@_invalid_parameter_noinfo
                                                                                          • String ID: Change name$Delete$Delete all$Delete all$Publish to site...$Save as...
                                                                                          • API String ID: 2394498909-4144333707
                                                                                          • Opcode ID: 1070f927244c271102bd3cd89aac6e2582363a7fdc82af63832a7c93e68fa045
                                                                                          • Instruction ID: 50b8f7488763f37987f86420c55575d2a36a0c72a692e360ba9a960994f04649
                                                                                          • Opcode Fuzzy Hash: 1070f927244c271102bd3cd89aac6e2582363a7fdc82af63832a7c93e68fa045
                                                                                          • Instruction Fuzzy Hash: 95514D70F40619ABDB04DFA4EC92BAEB7B0BF48704F50412AE516BB2D1DB786944CB94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004042F0 Relevance: 12.1, APIs: 8, Instructions: 101COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCopy.CXCORE099(?,?,00000000,?,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404309
                                                                                          • cvInvert.CXCORE099(?,?,00000000,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404321
                                                                                          • cvGEMM.CXCORE099(?,?,?,?,?,00000000,?,?,?,?,?,FFFFFFFE), ref: 0040436B
                                                                                            • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 004035F7
                                                                                            • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,FFFFFFFE), ref: 00403603
                                                                                            • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 0040360F
                                                                                            • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 00403636
                                                                                            • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 0040365D
                                                                                          • cvSetImageROI.CXCORE099(?), ref: 004043B7
                                                                                          • cvSetImageROI.CXCORE099(?), ref: 004043D9
                                                                                          • cvCopy.CXCORE099(?,?,00000000), ref: 004043E5
                                                                                          • cvResetImageROI.CXCORE099(?), ref: 004043EE
                                                                                          • cvResetImageROI.CXCORE099(?), ref: 004043F7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image$Reset$Copy$Invert
                                                                                          • String ID:
                                                                                          • API String ID: 2642547888-0
                                                                                          • Opcode ID: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                                          • Instruction ID: 4832167a604e7eee410914a1b349f3b52c2c1ab0660e6587da0ebae9eec7833f
                                                                                          • Opcode Fuzzy Hash: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                                          • Instruction Fuzzy Hash: 5B3153F4A007009FC314EF14D886F57BBE4AF89710F04896DE98A57381D635E9158BA6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004012F0 Relevance: 12.1, APIs: 8, Instructions: 56COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000124), ref: 00402F21
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000128), ref: 00402F33
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000130), ref: 00402F57
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000134), ref: 00402F69
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000100), ref: 00402F77
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000104), ref: 00402F89
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
                                                                                            • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
                                                                                          • cvReleaseImage.CXCORE099(?,?,?,004012A0,?), ref: 00401313
                                                                                          • cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401325
                                                                                          • cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401337
                                                                                          • cvReleaseImage.CXCORE099(-000000A8,?,?,004012A0,?), ref: 00401347
                                                                                          • cvReleaseImage.CXCORE099(?,-000000A8,?,?,004012A0,?), ref: 00401355
                                                                                          • cvReleaseMat.CXCORE099(00000000,004012A0,?), ref: 0040136E
                                                                                          • cvReleaseImage.CXCORE099(?,004012A0,?), ref: 0040137C
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 00401387
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Release$Image$??3@
                                                                                          • String ID:
                                                                                          • API String ID: 4199280203-0
                                                                                          • Opcode ID: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
                                                                                          • Instruction ID: 9a6bf2f685f8ffb5b2492dd8c0792c90c05741bbbc79e9eb21885bcc9159b9e2
                                                                                          • Opcode Fuzzy Hash: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
                                                                                          • Instruction Fuzzy Hash: 8F11E9F580021297FB20AB14E84AB5BB7A8EF41700F58443AE845636D0F73DF9A5C797
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C27C0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000,00000000), ref: 004C2804
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004C2818
                                                                                          • _CxxThrowException.MSVCR80(d&L,0057CBF8), ref: 004C2826
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(d&L,0057CBF8,?,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000), ref: 004C2835
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: d&L$map/set<T> too long
                                                                                          • API String ID: 3248949544-2396053701
                                                                                          • Opcode ID: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                                          • Instruction ID: 0421590c6fc88a653ea049570befb3043dc480636a3316981a528d684021d55e
                                                                                          • Opcode Fuzzy Hash: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                                          • Instruction Fuzzy Hash: 8DD11B74A002459FCB04FFA9C991EAF7776AF89304B20456EF4159B356CB78AC05CBB8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004D4D80 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000,00000000), ref: 004D4DC4
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004D4DD8
                                                                                          • _CxxThrowException.MSVCR80($LM,0057CBF8), ref: 004D4DE6
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80($LM,0057CBF8,?,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000), ref: 004D4DF5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: $LM$map/set<T> too long
                                                                                          • API String ID: 3248949544-3238143215
                                                                                          • Opcode ID: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                                          • Instruction ID: a07927191520cae1e6be455f76438f534ad6819f987c116f95f500b89d554bea
                                                                                          • Opcode Fuzzy Hash: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                                          • Instruction Fuzzy Hash: A9D10B71A142159FCB04EFE5E8A1E6F7776AFC9304B50455FF0129B359DA38AC02CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AAB20 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 256COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 004AAC1D
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004AAC4F
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • Inserting effect %s to stack at position %d., xrefs: 004AACE1
                                                                                          • CVideoProcessor::InsertEffectToStack, xrefs: 004AAB4B
                                                                                          • Inserting effect %s\%s\%s to stack at position %d., xrefs: 004AAC73
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: clock$AllocatorBase::Concurrency::details::Concurrency::task_options::get_schedulerDebugHeapPolicyScheduler
                                                                                          • String ID: CVideoProcessor::InsertEffectToStack$Inserting effect %s to stack at position %d.$Inserting effect %s\%s\%s to stack at position %d.
                                                                                          • API String ID: 1896687067-3121683814
                                                                                          • Opcode ID: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                                          • Instruction ID: 105fcc333d0e6ff14583993c1dd746094cb4f3fab98b4d368d8a839d86cc259d
                                                                                          • Opcode Fuzzy Hash: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                                          • Instruction Fuzzy Hash: 56B12B70900208EFCB14DFA8C891BDEBBB5BF59314F10825EE419AB391DB74AE45CB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004F6860 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 180memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F68AB
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F68DB
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F6903
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F692B
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000001,3D2007F9), ref: 004F696D
                                                                                            • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                                            • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                            • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                          Strings
                                                                                          • \ManyCam\BackgroundEffect, xrefs: 004F69A8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$FileFindFirstFolderImage@@PathSpecial_wmkdir
                                                                                          • String ID: \ManyCam\BackgroundEffect
                                                                                          • API String ID: 711174743-980167294
                                                                                          • Opcode ID: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                                          • Instruction ID: 1d1004133df218b0561d43129003d36592f772ef424460559cb02d2d1cb950c8
                                                                                          • Opcode Fuzzy Hash: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                                          • Instruction Fuzzy Hash: 5E8189B0901258DEDB14EF64DC41BDEBBB6AB94308F0081DEE449A3281DB795B98CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00513CB0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 140COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00513D55
                                                                                          • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00513D92
                                                                                          • cvCreateImage.CXCORE099(?,?,00000008,00000004), ref: 00513E4E
                                                                                          • cvResize.CV099(00000000,00000000,00000001), ref: 00513E63
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerCreateImagePolicyResizeScheduler
                                                                                          • String ID: Avatars$Objects
                                                                                          • API String ID: 2992923878-1969768225
                                                                                          • Opcode ID: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
                                                                                          • Instruction ID: 11ef104c15373c8e9f941a2410d1520fa6931b44404b7003273920e72e9da790
                                                                                          • Opcode Fuzzy Hash: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
                                                                                          • Instruction Fuzzy Hash: 385189B1D00209DBDF04DFA5E8A66EEBFB5FF48300F10816AE455BB294DB355A58CB81
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00405430 Relevance: 10.6, APIs: 7, Instructions: 129COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: IcosIsin
                                                                                          • String ID:
                                                                                          • API String ID: 14690888-0
                                                                                          • Opcode ID: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
                                                                                          • Instruction ID: f55afc7f36c79dbe8a91edad75af3db0966c0985aa664003f4d56b1ff0a10eb2
                                                                                          • Opcode Fuzzy Hash: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
                                                                                          • Instruction Fuzzy Hash: A351AF34609602DFC324DF14E68982ABBB0FF84700B918D88E4E5676A9D731E879CA56
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004A93F0 Relevance: 10.6, APIs: 7, Instructions: 118memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A945B
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                          • wcscmp.MSVCR80 ref: 004A948B
                                                                                          • wcscmp.MSVCR80 ref: 004A94A4
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A94F6
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A9508
                                                                                          • wcslen.MSVCR80 ref: 004A9514
                                                                                          • wcslen.MSVCR80 ref: 004A957A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$wcscmpwcslen$FileFindFirst
                                                                                          • String ID:
                                                                                          • API String ID: 1577558999-0
                                                                                          • Opcode ID: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
                                                                                          • Instruction ID: f16ea4ad88e480f90c3d3a557b52af9eaab9dd6428fdd0c1f69d551c8bda1375
                                                                                          • Opcode Fuzzy Hash: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
                                                                                          • Instruction Fuzzy Hash: 5E5120B19041189BCB24EB65DD91BEDB774BF14308F0085EE960A62281EF34AF88CF5C
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004266B0 Relevance: 10.6, APIs: 7, Instructions: 103COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetStockObject.GDI32(00000000), ref: 0042670E
                                                                                          • FillRect.USER32 ref: 0042671D
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT ref: 00426744
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000), ref: 00426769
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0042677D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 004267A4
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 004267CF
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@U3@_Utag$RectWidth@$ClientFillObjectStock
                                                                                          • String ID:
                                                                                          • API String ID: 3635710602-0
                                                                                          • Opcode ID: 2e902237a62102cc0783c26eea87632ae7e55b0e330416ba1cdccc3c8738a941
                                                                                          • Instruction ID: 636054c8f4e363f310d4610df5f6cab4c07c672653326205662c59b6922b00b1
                                                                                          • Opcode Fuzzy Hash: 2e902237a62102cc0783c26eea87632ae7e55b0e330416ba1cdccc3c8738a941
                                                                                          • Instruction Fuzzy Hash: FA41E6B1D00209ABDB08EFD8D991BEEBBB4FF48304F14812EE516A7284DB746945CB65
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042BBC0 Relevance: 10.6, APIs: 7, Instructions: 103COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetStockObject.GDI32(00000000), ref: 0042BC1E
                                                                                          • FillRect.USER32 ref: 0042BC2D
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT ref: 0042BC54
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0042BC79
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0042BC8D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0042BCB4
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0042BCDF
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@U3@_Utag$RectWidth@$ClientFillObjectStock
                                                                                          • String ID:
                                                                                          • API String ID: 3635710602-0
                                                                                          • Opcode ID: 435a5f46c63fc1eae19c45e23b74f9bfa5f7e082b65caccc085b7f7040546536
                                                                                          • Instruction ID: eb94d27477e50e4d717c3d773d4d4ebd07000d9040db2f059fa67eb19feff31e
                                                                                          • Opcode Fuzzy Hash: 435a5f46c63fc1eae19c45e23b74f9bfa5f7e082b65caccc085b7f7040546536
                                                                                          • Instruction Fuzzy Hash: E841E5B1D00209AFDB08EFD8D991BEEBBB8FF48304F10412EE516A7284DB746A45CB55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004265B0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 72memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00426617
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00426655
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,00543BA0,data\images\maindlg\,?,?,?,3D2007F9), ref: 00426678
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$data\images\maindlg\$;T
                                                                                          • API String ID: 1315443971-490103044
                                                                                          • Opcode ID: 25dd62ad1dffaf1f7697ce5bb85d4b016747b7766f05fd68e0ce10921046d88e
                                                                                          • Instruction ID: d6baf32a8499c7f25828db752c6f53ce77f9777766276abc85c2b1cdef14b565
                                                                                          • Opcode Fuzzy Hash: 25dd62ad1dffaf1f7697ce5bb85d4b016747b7766f05fd68e0ce10921046d88e
                                                                                          • Instruction Fuzzy Hash: B7314A71D052489BCF04EFA5D885BEEBBB8FB08318F10452EE41277291DB386609CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042AC80 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 72memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042ACE7
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042AD25
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,000000CC,00000001,00545BC0,data\images\maindlg\,00000001,?,00000000,3D2007F9,00000008,000000CC,0000003E,00000001), ref: 0042AD48
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$data\images\maindlg\$[T
                                                                                          • API String ID: 1315443971-2026572451
                                                                                          • Opcode ID: c6f48d1d889a1724de804aacf42f1e29f9f12b616ab2601b8390a8dfddbfe8a6
                                                                                          • Instruction ID: 945d218172822ab397b4e05be073ae2f2c5b6e28a5be2581afe793848f371de3
                                                                                          • Opcode Fuzzy Hash: c6f48d1d889a1724de804aacf42f1e29f9f12b616ab2601b8390a8dfddbfe8a6
                                                                                          • Instruction Fuzzy Hash: 22312C71D15248DBCF04DFA5D885BEEBBB4FB08318F50452EE41277281DB785609CBA9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005004E0 Relevance: 10.5, APIs: 7, Instructions: 33windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetDC.USER32(00000000), ref: 005004E8
                                                                                          • CreateCompatibleBitmap.GDI32(3D2007F9,00000001,00000001), ref: 005004F9
                                                                                          • SelectObject.GDI32(004FFD5A,?), ref: 0050050A
                                                                                          • DeleteObject.GDI32(004FFD5A), ref: 00500517
                                                                                          • DeleteObject.GDI32(?), ref: 00500521
                                                                                          • DeleteDC.GDI32(004FFD5A), ref: 0050052B
                                                                                          • DeleteDC.GDI32(3D2007F9), ref: 00500535
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Delete$Object$BitmapCompatibleCreateSelect
                                                                                          • String ID:
                                                                                          • API String ID: 3915743176-0
                                                                                          • Opcode ID: b63c2d31c0b96e8bb4f8e8f13ea308aed4bd4cf6168d262f444604c21e878b20
                                                                                          • Instruction ID: 1b2a2ef179f50e4d9ec7ba4aa31c39b7eea7e62ab75ac1a615a3d8bcab50b0f7
                                                                                          • Opcode Fuzzy Hash: b63c2d31c0b96e8bb4f8e8f13ea308aed4bd4cf6168d262f444604c21e878b20
                                                                                          • Instruction Fuzzy Hash: 7FF0E7B9900208FBDB04DFF4D88CA9EBB78AB58301F008146FB1993350C7359A48EB50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B5F10 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F3D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004B5F51
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5F5F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F6E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: CKK$vector<T> too long
                                                                                          • API String ID: 3248949544-3216571628
                                                                                          • Opcode ID: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
                                                                                          • Instruction ID: c8d92b487c042dcc06c93ea087005db71d51a26c7136d47a4fad7ddcb25ee778
                                                                                          • Opcode Fuzzy Hash: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
                                                                                          • Instruction Fuzzy Hash: 47F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004242A0 Relevance: 9.2, APIs: 6, Instructions: 168COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCursorInfo.USER32(00000014), ref: 004242CD
                                                                                          • ScreenToClient.USER32 ref: 004242E1
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetDC.USER32(?), ref: 004243EE
                                                                                          • wcslen.MSVCR80 ref: 00424408
                                                                                          • GetTextExtentPoint32W.GDI32(?,?,00000000), ref: 00424420
                                                                                          • ReleaseDC.USER32 ref: 00424437
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Client$CursorExtentInfoPoint32RectReleaseScreenTextwcslen
                                                                                          • String ID:
                                                                                          • API String ID: 1818624329-0
                                                                                          • Opcode ID: 0c1df39c5964b91920f54f72ee6645779ec71c993bd4406e2e7bfb2a43fad3da
                                                                                          • Instruction ID: dfbf29d46014c909a867da8c656cefcdd1fdc3d0d0c0ac4eb1bf690a27bc7e37
                                                                                          • Opcode Fuzzy Hash: 0c1df39c5964b91920f54f72ee6645779ec71c993bd4406e2e7bfb2a43fad3da
                                                                                          • Instruction Fuzzy Hash: B871FC71A00528DBCB54DB58DC91BAEB3B5FF88309F44818EE54AB7241DF34AA84CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004E2290 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000,00000000), ref: 004E22D4
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004E22E8
                                                                                          • _CxxThrowException.MSVCR80(004E1A94,0057CBF8), ref: 004E22F6
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004E1A94,0057CBF8,?,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000), ref: 004E2305
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
                                                                                          • Instruction ID: eb3dced5db3925a888724237d041c26940005993663a78e11fc02054abcc7e87
                                                                                          • Opcode Fuzzy Hash: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
                                                                                          • Instruction Fuzzy Hash: E7D10F70A002C99FCB04EFAAC991D6F777ABF89345B10455EF4119F366CA78AC01DBA4
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048C8C0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C904
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048C918
                                                                                          • _CxxThrowException.MSVCR80(0048A224,0057CBF8), ref: 0048C926
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A224,0057CBF8,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C935
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
                                                                                          • Instruction ID: 781e3e5cdacf5d297dd74e0af013611e08a9c6e7430d9740113c692fd0013158
                                                                                          • Opcode Fuzzy Hash: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
                                                                                          • Instruction Fuzzy Hash: B0D1ED70A002499FCB04FFA5C891D6F7775EF8A708F20496EF6159B255CB38AD05CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00474C80 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000,00000000), ref: 00474CC4
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00474CD8
                                                                                          • _CxxThrowException.MSVCR80(00474884,0057CBF8), ref: 00474CE6
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(00474884,0057CBF8,?,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000), ref: 00474CF5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
                                                                                          • Instruction ID: 902e9eb1271cb93d2a72db74486b01d1d5c84e1b516abcfe74867b495f5f0d12
                                                                                          • Opcode Fuzzy Hash: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
                                                                                          • Instruction Fuzzy Hash: 1ED1FB70A002099FCB04EFA5D891EEF7776AF89318B20855EF4159F295CB38AC51CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048CF10 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF54
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048CF68
                                                                                          • _CxxThrowException.MSVCR80(0048A514,0057CBF8), ref: 0048CF76
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A514,0057CBF8,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF85
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
                                                                                          • Instruction ID: 50f8718e498666fa4da98437a76d4638b1e2a723603710fac9882f3192207998
                                                                                          • Opcode Fuzzy Hash: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
                                                                                          • Instruction Fuzzy Hash: 1BD1AA70A002459FCB04FFA5D8D1EAF77B6BF89304B10495EF511AB396CA39A901CBE5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00411300 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000,00000000), ref: 00411344
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00411358
                                                                                          • _CxxThrowException.MSVCR80(004112C4,0057CBF8), ref: 00411366
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004112C4,0057CBF8,?,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000), ref: 00411375
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 42cbf8a29792d702c98aabde1d8b08b81332d8e2c8f3267b75d2f7efa1133912
                                                                                          • Instruction ID: fc6447a121a983bb72d300740fc035bcb7914751d3a952c33331dda71f3fca67
                                                                                          • Opcode Fuzzy Hash: 42cbf8a29792d702c98aabde1d8b08b81332d8e2c8f3267b75d2f7efa1133912
                                                                                          • Instruction Fuzzy Hash: 4DD12D70A002099FCB04EFE5C991EEFB775AF89304B10455EF512AB365CA7CAD51CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C14E0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000,00000000), ref: 004C1524
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004C1538
                                                                                          • _CxxThrowException.MSVCR80(004C1384,0057CBF8), ref: 004C1546
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1384,0057CBF8,?,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000), ref: 004C1555
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
                                                                                          • Instruction ID: 5f54f1dc26024d97c3e5589f28a2b26444c27508ce2d65950266073b7809569a
                                                                                          • Opcode Fuzzy Hash: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
                                                                                          • Instruction Fuzzy Hash: D1D10F75E042459FCB04EFA5C891EAF7775AF8A304F1045AEF502AB355DA38AD01CBB8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048D7D0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D814
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048D828
                                                                                          • _CxxThrowException.MSVCR80(0048AEF4,0057CBF8), ref: 0048D836
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048AEF4,0057CBF8,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D845
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
                                                                                          • Instruction ID: f924f05d9c195ac9d2efefafaa7b998481315dfbc5b04f0f3db32ea2b030e7a3
                                                                                          • Opcode Fuzzy Hash: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
                                                                                          • Instruction Fuzzy Hash: 1ED1DB74E102459FCB04FFA5C891E6F7B75AF89304F10896EF4159B295CA38AD01CFA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C7A20 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 86COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                            • Part of subcall function 00407140: RegOpenKeyExW.ADVAPI32(?,80000002,00000000,00000000,00000000,80000002,SOFTWARE\ManyCam), ref: 00407162
                                                                                          • memset.MSVCR80 ref: 004C7ABE
                                                                                            • Part of subcall function 00407190: RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapclock$OpenQueryValuememset
                                                                                          • String ID: @$AppVersion$CManyCamModel::GetManyCamVersion$SOFTWARE\ManyCam$ob@
                                                                                          • API String ID: 1430646295-175800182
                                                                                          • Opcode ID: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
                                                                                          • Instruction ID: 07a999de59d8292b32f2331ae8109d5d18864066084ba78fe0f4ff90b5b286a5
                                                                                          • Opcode Fuzzy Hash: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
                                                                                          • Instruction Fuzzy Hash: 31315B70A04218DEDB10DB54D952BEEBBB4AB05304F0041AEE5457B2C1DBB86E48CBA6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C1CC0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,3D2007F9,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000,00000000), ref: 004C1D04
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004C1D18
                                                                                          • _CxxThrowException.MSVCR80(004C1B64,0057CBF8), ref: 004C1D26
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1B64,0057CBF8,?,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000), ref: 004C1D35
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
                                                                                          • Instruction ID: 76fe67f2c80d83fee2b03a8fd12379f2c1e3e221b52a71524e2575de1d4bc0e2
                                                                                          • Opcode Fuzzy Hash: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
                                                                                          • Instruction Fuzzy Hash: 1DD1E974A00205AFCB14EFE6C891EEF7775AFC9308B104D5EF4129B256DA39A801CBB5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004059C0 Relevance: 9.1, APIs: 6, Instructions: 85COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,004015E6,?), ref: 004059C9
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,004015E6,?), ref: 00405A0C
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,?,?,?,004015E6,?), ref: 00405A4F
                                                                                            • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
                                                                                            • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
                                                                                            • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
                                                                                            • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810
                                                                                            • Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 0040586A
                                                                                            • Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 00405895
                                                                                            • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058A2
                                                                                            • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058AF
                                                                                            • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058BC
                                                                                            • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058C9
                                                                                          • cvReleaseMat.CXCORE099(?,?,?,?,00000000), ref: 00405A9A
                                                                                          • cvReleaseMat.CXCORE099(?), ref: 00405AA7
                                                                                          • cvReleaseMat.CXCORE099(?), ref: 00405AB4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateRelease
                                                                                          • String ID:
                                                                                          • API String ID: 557197377-0
                                                                                          • Opcode ID: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
                                                                                          • Instruction ID: 043076e51676209564484e982c9936a884ec24064fff71ead1165430e30ebd4e
                                                                                          • Opcode Fuzzy Hash: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
                                                                                          • Instruction Fuzzy Hash: C6311574605201DFD304DF10D499E26BBA1BFC8704F5289CCE2941B2E6DB71D936CB82
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402BB0 Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
                                                                                          • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
                                                                                          • cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
                                                                                          • cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
                                                                                          • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
                                                                                          • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image$CreateRelease
                                                                                          • String ID:
                                                                                          • API String ID: 3874174198-0
                                                                                          • Opcode ID: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                                          • Instruction ID: 6a9ac0958563a1589a8d938dd82cbe29a94ad790e47f913414e9d99cb75ce162
                                                                                          • Opcode Fuzzy Hash: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                                          • Instruction Fuzzy Hash: F901F9F590130176F630AB259D4EF4B76DCFF91701F04483AF55AA12C1F6B4E184C221
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004032A0 Relevance: 9.1, APIs: 6, Instructions: 54COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
                                                                                          • cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
                                                                                          • cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
                                                                                          • cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
                                                                                          • cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
                                                                                          • cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ImageRelease
                                                                                          • String ID:
                                                                                          • API String ID: 535124018-0
                                                                                          • Opcode ID: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
                                                                                          • Instruction ID: f6f80441a689a6daaa6ac2ab205e4bd6027bf7437223482053866a57996ed6f5
                                                                                          • Opcode Fuzzy Hash: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
                                                                                          • Instruction Fuzzy Hash: A91198F6801201E7EB309E11D889B4BBBACBF50302F44443AD84552285E778B78DCAAB
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00500760 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreatePen.GDI32(00000000,?,?), ref: 00500770
                                                                                          • SelectObject.GDI32(?,?), ref: 00500781
                                                                                          • MoveToEx.GDI32(00000000,?,?,00000000), ref: 0050079D
                                                                                          • LineTo.GDI32(?,?,?), ref: 005007B4
                                                                                          • SelectObject.GDI32(?,?), ref: 005007C2
                                                                                          • DeleteObject.GDI32(?), ref: 005007CC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Object$Select$CreateDeleteLineMove
                                                                                          • String ID:
                                                                                          • API String ID: 3907703346-0
                                                                                          • Opcode ID: 9d38677caad3bd7ce77eb5ab1a294411b075db9e3abd6b2e1ed079b8364021da
                                                                                          • Instruction ID: ebe4794baeb4ac7055bd3e8995aa24abe63a483cd3410c18cbb4b8d80212e508
                                                                                          • Opcode Fuzzy Hash: 9d38677caad3bd7ce77eb5ab1a294411b075db9e3abd6b2e1ed079b8364021da
                                                                                          • Instruction Fuzzy Hash: 5B1195B9610208EFDB04DFA8D898D9ABBB9EB9D301F108149FE0987350D730E955DBA0
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00434B70 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 152COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00447FF0: SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 00448006
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00434C17
                                                                                            • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                                          • memset.MSVCR80 ref: 00434C2B
                                                                                            • Part of subcall function 00447E60: SendMessageW.USER32(?,00001132,00000000,yLC), ref: 00447E78
                                                                                          • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00434CEC
                                                                                            • Part of subcall function 004DAF40: _DebugHeapAllocator.LIBCPMTD ref: 004DAF57
                                                                                          • memset.MSVCR80 ref: 00434D1D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapMessageSendmemset$Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler
                                                                                          • String ID: pzC
                                                                                          • API String ID: 1527497025-2444570644
                                                                                          • Opcode ID: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                                          • Instruction ID: ed1ee3073941a6660e753338659c4a22794240fa1e9d27d03445b3c6d8f704d4
                                                                                          • Opcode Fuzzy Hash: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                                          • Instruction Fuzzy Hash: 9C610CB1D01118DBDB14DFA5D891BEEBBB5FF48304F2041AEE10A67281DB386A45CF99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00408360 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 116stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                                          • CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                                          • CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CompareString$lstrlen
                                                                                          • String ID: </A>$<A>
                                                                                          • API String ID: 1657112622-2122467442
                                                                                          • Opcode ID: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                                          • Instruction ID: 8d4014fe370238e856f28d0c67f96b0aed6e5c53389ece421d0f182d8b12796b
                                                                                          • Opcode Fuzzy Hash: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                                          • Instruction Fuzzy Hash: CB5121B4A0421ADFDB04CF88C990BAEB7B2FF84304F108159E915AB3D0DB75A946CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004098C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00409943
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00409981
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,0053CC2C,data\images\addEffectDlg\,?,?,?,3D2007F9), ref: 004099A1
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$data\images\addEffectDlg\
                                                                                          • API String ID: 1315443971-2820274302
                                                                                          • Opcode ID: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
                                                                                          • Instruction ID: 99387fa8a9a4026cbf0ab0abdc8698a1dc38235ed2b893dafecf0ce6710d2d8a
                                                                                          • Opcode Fuzzy Hash: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
                                                                                          • Instruction Fuzzy Hash: 363117B1D1520CABCB04EFA9D945BDDBFB4FB08304F10852EE42577281D7745909CB98
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041C830 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041C8AC
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041C8EA
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0041C80E,00000049,0053F620,data\images\maindlg\,00000049,?,00000000,3D2007F9,?,0041C80E,0000000C,00000049), ref: 0041C90D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$data\images\maindlg\
                                                                                          • API String ID: 1315443971-2402009575
                                                                                          • Opcode ID: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                                          • Instruction ID: 95f2c906bb04f7db6848c29b7cfe536fa7cadaced1f5336b0e2a281727f52370
                                                                                          • Opcode Fuzzy Hash: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                                          • Instruction Fuzzy Hash: AD312DB1D05248EBCB04EFA5D986BDDBBB4FF18714F10452EE01577291D7746A08CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041DB20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041DB9C
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041DBDA
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,005405C4,data\images\maindlg\,?,?,?,3D2007F9,Zoom in,CameraDlg\btn_zoomIn,00000000,?), ref: 0041DBFD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$data\images\maindlg\
                                                                                          • API String ID: 1315443971-2402009575
                                                                                          • Opcode ID: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
                                                                                          • Instruction ID: d4b00160755fc9498c9e644aa4a373da1a989c0672b95b20752ea7274bdd65c2
                                                                                          • Opcode Fuzzy Hash: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
                                                                                          • Instruction Fuzzy Hash: 03313AB1D052089BCB04EF94D945BDEBBB4FB48318F20852EE516772C1D7746A48CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AE0D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE0FD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004AE111
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004AE11F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE12E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
                                                                                          • Instruction ID: 992c7d1c538af7c9c0ce4edad66a1111de3b001cb72a08a5d5271ad12714ae45
                                                                                          • Opcode Fuzzy Hash: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
                                                                                          • Instruction Fuzzy Hash: CCF04FB1944648EBCB14DF94ED45FDDBB78FB14720F50426AF812A32D0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004307E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?,3D2007F9), ref: 0043080D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00430821
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0043082F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?), ref: 0043083E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                                          • Instruction ID: 84ce0209dc11d6b23fc1989ca18a4f5fc0ac43ec5a2d3810fda43137453e27bd
                                                                                          • Opcode Fuzzy Hash: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                                          • Instruction Fuzzy Hash: FCF0A9B1944248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004E27F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B,3D2007F9), ref: 004E281D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004E2831
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004E283F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B), ref: 004E284E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                                          • Instruction ID: 0a4d440cb5536f40db0fd076e9c7fc5d2a12fc606929b1cb6c9b0b09eff913f8
                                                                                          • Opcode Fuzzy Hash: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                                          • Instruction Fuzzy Hash: B4F03CB1944648EBCB14DF94ED45B9DBB78FB14720F50426AA812A32D0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00412890 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?,3D2007F9), ref: 004128BD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004128D1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004128DF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?), ref: 004128EE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                                          • Instruction ID: 4f722f1132bf029aa43680a0f31b4d6b59234f2f3b0eea29470ee80f38ab1d71
                                                                                          • Opcode Fuzzy Hash: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                                          • Instruction Fuzzy Hash: B3F08CB1904248EBCB14DF90ED41B9DBB78FB04720F40022AB812A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004D4940 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000,3D2007F9), ref: 004D496D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004D4981
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004D498F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000), ref: 004D499E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                                          • Instruction ID: 2198fcef12488e2d17d3691da39b82749544227340ee56d3737a145847e009f6
                                                                                          • Opcode Fuzzy Hash: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                                          • Instruction Fuzzy Hash: 21F0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048EBA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBCD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048EBE1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048EBEF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBFE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                                          • Instruction ID: 92daabea73afc4e90302cbcf7baf13e44f6b9f868eface51cfc7e975ed78bb7a
                                                                                          • Opcode Fuzzy Hash: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                                          • Instruction Fuzzy Hash: 95F03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AE812A32D0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0044ED50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044ED7D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0044ED91
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0044ED9F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044EDAE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                                          • Instruction ID: f5a7866f547bb55f07dc25e2db114e65ea79899798aec203e725cd6f1ff4eb0e
                                                                                          • Opcode Fuzzy Hash: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                                          • Instruction Fuzzy Hash: E2F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00430D10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D3D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00430D51
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00430D5F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D6E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
                                                                                          • Instruction ID: 2c432eddfbe67746ec497c333af96acf5ab7e20aac0011f52034aeffc7690669
                                                                                          • Opcode Fuzzy Hash: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
                                                                                          • Instruction Fuzzy Hash: 43F0A9B1904248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32D0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0049EEA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EECD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0049EEE1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0049EEEF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EEFE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
                                                                                          • Instruction ID: 9df2125c4ef5457798524062e3a11b60d2f3a7f222f2b8b9a439bf1f8e3d57c1
                                                                                          • Opcode Fuzzy Hash: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
                                                                                          • Instruction Fuzzy Hash: 0DF03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AB812A32D0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048F010 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F03D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048F051
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F05F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F06E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 71dadd736df40f3aec662dc85990cd5a9acc2abe6039822e8930e788f3d2d61d
                                                                                          • Instruction ID: 682a0ac2237076830f2f8a4780188971040c04754dbc9da0d02d05fab003b1b6
                                                                                          • Opcode Fuzzy Hash: 71dadd736df40f3aec662dc85990cd5a9acc2abe6039822e8930e788f3d2d61d
                                                                                          • Instruction Fuzzy Hash: EAF04FB1944648EBCB14DFA4ED45FDDBB78FB14720F50426AF812A32D0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005154A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154CD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 005154E1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 005154EF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154FE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 21906fa773c1a88a46cbeca3caa33a554fe8bf6e2e2ae55b577b5ad68c6107b2
                                                                                          • Instruction ID: 3b973596a2f941747c7d90d8fc74631754525317a6dec37d5ee4e5a0a6c799d4
                                                                                          • Opcode Fuzzy Hash: 21906fa773c1a88a46cbeca3caa33a554fe8bf6e2e2ae55b577b5ad68c6107b2
                                                                                          • Instruction Fuzzy Hash: 5EF0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048F5A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5CD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048F5E1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F5EF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5FE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 2e5544c3049f0ddd4019a116dffb44736a158589b34b35f21578acc8ae9f3b44
                                                                                          • Instruction ID: 08e9fbeb3975674469a3edd29ebdb77383574d31636ade62e638ab3924d92cf8
                                                                                          • Opcode Fuzzy Hash: 2e5544c3049f0ddd4019a116dffb44736a158589b34b35f21578acc8ae9f3b44
                                                                                          • Instruction Fuzzy Hash: 3DF0AFB1944648EBCB14DFA4ED45FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005158F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051591D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00515931
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0051593F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051594E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: c03e804887ee8c35b5c9129f015bd810eaabdc85a554e80187cf2ad872c0fd71
                                                                                          • Instruction ID: 51a0fa11ac444c003223335a96b02d8df365eee37e9292b937eae9cfb1e93a6e
                                                                                          • Opcode Fuzzy Hash: c03e804887ee8c35b5c9129f015bd810eaabdc85a554e80187cf2ad872c0fd71
                                                                                          • Instruction Fuzzy Hash: ABF0A9B1944248EBCB14DFA4ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B5A70 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5A9D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004B5AB1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5ABF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5ACE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 7d4be2965033fb03e547b7350437180e22248366361f058fced24ed85baafd60
                                                                                          • Instruction ID: fc41df5464ddba924a0dc626ab5e99040adcc0584381bc92148727cb0a18adb2
                                                                                          • Opcode Fuzzy Hash: 7d4be2965033fb03e547b7350437180e22248366361f058fced24ed85baafd60
                                                                                          • Instruction Fuzzy Hash: C9F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048FA20 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA4D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048FA61
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FA6F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA7E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: e43f4da5e34bbdf5da09b38449cb6b4d10e80e7ee71886185af6db6e9ad99d86
                                                                                          • Instruction ID: c8a4cafde9e9d18d89a6ec27ab975a93f5cc337054f01616f8720c420af3b1d3
                                                                                          • Opcode Fuzzy Hash: e43f4da5e34bbdf5da09b38449cb6b4d10e80e7ee71886185af6db6e9ad99d86
                                                                                          • Instruction Fuzzy Hash: 9BF087B1904648EBCB14DFA0ED41BDDBB78FB04720F40022AE822A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00411B80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BAD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00411BC1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00411BCF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BDE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 91c4acec3fcf390d7650ee22321e3af3fea277019d6c7fd99ac7c15ae0389148
                                                                                          • Instruction ID: ab577654a64f9acfc70fc64036853a5e06cda14a9969e1db11fea8e1d234e52f
                                                                                          • Opcode Fuzzy Hash: 91c4acec3fcf390d7650ee22321e3af3fea277019d6c7fd99ac7c15ae0389148
                                                                                          • Instruction Fuzzy Hash: 4EF08CB1904248EBCB14DF90ED41B9DBB78FB14720F40022AA822A32C0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00413D60 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B,3D2007F9), ref: 00413D8D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00413DA1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00413DAF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B), ref: 00413DBE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 448ea5f94cb60192865ba4fbef2add8389144e365060ecc549b7188aeb5b01d7
                                                                                          • Instruction ID: 9c1b3f4287bc4e1579ca5606d1e83d7bd75289f32f9710707e675685a1b0ed81
                                                                                          • Opcode Fuzzy Hash: 448ea5f94cb60192865ba4fbef2add8389144e365060ecc549b7188aeb5b01d7
                                                                                          • Instruction Fuzzy Hash: 35F08CB1904248EBCB14DF90ED45B9DBB78FB04720F40022AA822A32C0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048FE80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,3D2007F9,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEAD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048FEC1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FECF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEDE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 27461d1cee31f37f4b12f43d61b2addfb9a3f208f85983c24dba573d14a14082
                                                                                          • Instruction ID: 5f6de052f28c2a1b459ecf3d81b30dea1840ef8b00bbd3f5c657bc7d8005cdfb
                                                                                          • Opcode Fuzzy Hash: 27461d1cee31f37f4b12f43d61b2addfb9a3f208f85983c24dba573d14a14082
                                                                                          • Instruction Fuzzy Hash: 0AF0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050D790 Relevance: 7.7, APIs: 6, Instructions: 164COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: wcscatwcscpy
                                                                                          • String ID:
                                                                                          • API String ID: 1670345547-0
                                                                                          • Opcode ID: e2b6f5d47b797e7b3fc719e1e1982e1acc003f1d96efd1ad022790a38e43f0aa
                                                                                          • Instruction ID: 3389ee2cf22810ea72753d2d0cc2d0bc4eb9618de903a8545642f9e6fbc98239
                                                                                          • Opcode Fuzzy Hash: e2b6f5d47b797e7b3fc719e1e1982e1acc003f1d96efd1ad022790a38e43f0aa
                                                                                          • Instruction Fuzzy Hash: BF714EB5A0010ADFCB14CF54D984AAEBBB5FF85310F148998E90AAB381D770EE44CF65
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00503DF0 Relevance: 7.7, APIs: 5, Instructions: 164COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?good@ios_base@std@@QBE_NXZ.MSVCP80(3D2007F9,?,?,?,3D2007F9,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,3D2007F9), ref: 00503E2C
                                                                                          • ?flags@ios_base@std@@QBEHXZ.MSVCP80(?,?,?,3D2007F9,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,3D2007F9), ref: 00503E81
                                                                                          • ?getloc@ios_base@std@@QBE?AVlocale@2@XZ.MSVCP80(0050260E,?,?,?,3D2007F9,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,3D2007F9), ref: 00503E9F
                                                                                          • ??1locale@std@@QAE@XZ.MSVCP80(?,3D2007F9,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,3D2007F9), ref: 00503ECE
                                                                                          • ?good@ios_base@std@@QBE_NXZ.MSVCP80(?,?,?,3D2007F9,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,3D2007F9), ref: 00503FD0
                                                                                            • Part of subcall function 00503AA0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80 ref: 00503ABD
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ?good@ios_base@std@@$??1locale@std@@?fail@ios_base@std@@?flags@ios_base@std@@?getloc@ios_base@std@@Vlocale@2@
                                                                                          • String ID:
                                                                                          • API String ID: 1501252752-0
                                                                                          • Opcode ID: ddfaf7a637f4d78839835dee01d19acffd7136be91526d35f5f5c0920258139d
                                                                                          • Instruction ID: 6ba259f0433efdbda44c084f56a44e9fe0f1a453adb065355b40409e40917acf
                                                                                          • Opcode Fuzzy Hash: ddfaf7a637f4d78839835dee01d19acffd7136be91526d35f5f5c0920258139d
                                                                                          • Instruction Fuzzy Hash: 9961F874E002099FCB04DFA4D995AEEBBF5FF89300F248159E502A7392DB36AE05DB50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00506EF0 Relevance: 7.6, APIs: 5, Instructions: 104memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00506F28
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • ??2@YAPAXI@Z.MSVCR80 ref: 00506F2F
                                                                                          • codecvt.LIBCPMTD ref: 00506F9F
                                                                                          • wcstol.MSVCR80 ref: 00506FEE
                                                                                          • codecvt.LIBCPMTD ref: 00507011
                                                                                            • Part of subcall function 00415BF0: ??3@YAXPAX@Z.MSVCR80 ref: 00415C0B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapcodecvt$??2@??3@wcstol
                                                                                          • String ID:
                                                                                          • API String ID: 74129304-0
                                                                                          • Opcode ID: f820b669af4b91f01ff1afac2cb9a1d8ae762e6116985bebba3912421fffcbed
                                                                                          • Instruction ID: 6d66b3f1b8e0294eece4e25a7ed8cbe839a85e6d975fee0ec5976f71f30e8fe7
                                                                                          • Opcode Fuzzy Hash: f820b669af4b91f01ff1afac2cb9a1d8ae762e6116985bebba3912421fffcbed
                                                                                          • Instruction Fuzzy Hash: 7E4103B0D05209EFDB14DF94D895BEEBBB0BB48314F20852AE416AB2C0DB756A45CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0046C100 Relevance: 7.6, APIs: 5, Instructions: 96stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • lstrlenW.KERNEL32(00000000,00569E8C), ref: 0046C121
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C16B
                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C17D
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C19E
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080,?,00000000,00000000,00000000), ref: 0046C1DC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 3322701435-0
                                                                                          • Opcode ID: cbcd1fa559f8ae4230e768bd00e513c0907913d8661ee28b925d20b683ff2109
                                                                                          • Instruction ID: c9f41260a9b7f310c3a2772d0b559dbbeee8ca943a5465fee336bfd2e85e9abf
                                                                                          • Opcode Fuzzy Hash: cbcd1fa559f8ae4230e768bd00e513c0907913d8661ee28b925d20b683ff2109
                                                                                          • Instruction Fuzzy Hash: E3310DB5A40208BFEB04DF94CC96FAF77B9FB48704F108549F615EB280D675A940DB94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042AD80 Relevance: 7.6, APIs: 5, Instructions: 95COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,3D2007F9,3D2007F9,3D2007F9), ref: 0042ADFD
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0042AE22
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0042AE36
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0042AE5D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,3D2007F9,3D2007F9,3D2007F9), ref: 0042AE88
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$ClientRect
                                                                                          • String ID:
                                                                                          • API String ID: 193267685-0
                                                                                          • Opcode ID: cc610818231fedaec0e2e8761d4cd92ccf62e2b5e813100fd3daefcb6bb4828e
                                                                                          • Instruction ID: 8553715beaca9bac7e41af40e2054756d9585b963120416201abcc36e36c20fb
                                                                                          • Opcode Fuzzy Hash: cc610818231fedaec0e2e8761d4cd92ccf62e2b5e813100fd3daefcb6bb4828e
                                                                                          • Instruction Fuzzy Hash: 2A410771D002099BDB08EFD8D951BEEBBB8FF44304F10412EE512A7295DB742A44CB55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00405E10 Relevance: 7.6, APIs: 5, Instructions: 82COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00405E22
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,00000004,00000004,00000005), ref: 00405E2F
                                                                                            • Part of subcall function 004052F0: cvSet.CXCORE099(?,?,?,?,?,?,00000000,?,00401783), ref: 0040530E
                                                                                          • cvGEMM.CXCORE099(00000000,?), ref: 00405E67
                                                                                          • cvCopy.CXCORE099(00000000,00000000,00000000,00000000,?), ref: 00405E70
                                                                                          • cvScaleAdd.CXCORE099(00000000), ref: 00405EC9
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create$CopyScale
                                                                                          • String ID:
                                                                                          • API String ID: 461463502-0
                                                                                          • Opcode ID: 9b155aa8d9b7d350014ff22c71609d5e50d78062370eef75407f380a65ed93fa
                                                                                          • Instruction ID: 243994d87a2382b29a994a3e478baa9f1873f37bc1af83bd278c7c66fdfcfe6b
                                                                                          • Opcode Fuzzy Hash: 9b155aa8d9b7d350014ff22c71609d5e50d78062370eef75407f380a65ed93fa
                                                                                          • Instruction Fuzzy Hash: 322129B2E0061076D7103B65DC4BB577B68DF40754F410869FE84AB2E2F97289208BD6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00523211 Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 59memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetProcessHeap.KERNEL32(00000000,0000000D,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000), ref: 0052318D
                                                                                          • HeapAlloc.KERNEL32(00000000,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000,00000000), ref: 00523194
                                                                                            • Part of subcall function 0052309D: IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0
                                                                                          • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231B6
                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231E3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocHeapVirtual$FeatureFreePresentProcessProcessor
                                                                                          • String ID: Ogt
                                                                                          • API String ID: 4058086966-2271539866
                                                                                          • Opcode ID: 0c4867eb5bd92bb6381ce8f4e327ffa02bccf704549b714ad9cee9f0e79b5bb8
                                                                                          • Instruction ID: b5a60a9bbef02a3c563d751fc20c4e74480abeb514ab3cab8f797184bd5a284a
                                                                                          • Opcode Fuzzy Hash: 0c4867eb5bd92bb6381ce8f4e327ffa02bccf704549b714ad9cee9f0e79b5bb8
                                                                                          • Instruction Fuzzy Hash: 3711D631240231AFEB21176CFC0AB663E65BF67741F100820FA11D62E0D738CD08EAA0
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00520C30 Relevance: 7.5, APIs: 5, Instructions: 30synchronizationCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C38
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C45
                                                                                          • SetEvent.KERNEL32(0000000A,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C60
                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?), ref: 00520C6C
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C76
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$Leave$EnterEventObjectSingleWait
                                                                                          • String ID:
                                                                                          • API String ID: 2480823239-0
                                                                                          • Opcode ID: 69de553fff6750679b5045ee798069faca8b5646966b91e150a6d47a83d5acfd
                                                                                          • Instruction ID: 20fc61db396638aa89e1fa09a044bcff496ff3b65396fda0f4d22a802af35d76
                                                                                          • Opcode Fuzzy Hash: 69de553fff6750679b5045ee798069faca8b5646966b91e150a6d47a83d5acfd
                                                                                          • Instruction Fuzzy Hash: 12F05E761002109BD320DB19EC4899BF7B8EFE5731B008A1EF66693760C774A84ADB50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048B460 Relevance: 7.5, APIs: 5, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(00000000,00000000,?,0047AE1E), ref: 0048B46C
                                                                                          • ?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z.MSVCP80(?,?,0047AE1E), ref: 0048B47E
                                                                                          • ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ.MSVCP80(?,0047AE1E), ref: 0048B487
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0047AE1E), ref: 0048B497
                                                                                          • ?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z.MSVCP80(00000000,?,0047AE1E), ref: 0048B4A7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?at@?$basic_string@_?empty@?$basic_string@_?resize@?$basic_string@_?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@
                                                                                          • String ID:
                                                                                          • API String ID: 4057328569-0
                                                                                          • Opcode ID: c7ba979821146be9279d2770a084e86471b0649c4ca3e01649a5b532db9d5204
                                                                                          • Instruction ID: d80ad3f19352604951a50fa2e2320d740545fe158bc114347127201c31090748
                                                                                          • Opcode Fuzzy Hash: c7ba979821146be9279d2770a084e86471b0649c4ca3e01649a5b532db9d5204
                                                                                          • Instruction Fuzzy Hash: 20F05434901208EFDF04DF94E9969ACBBB5FF54301F1040A9E906A7362CB306F54EB94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C4D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,3D2007F9,000000FF,?,004AB79D), ref: 0042F974
                                                                                          • GetActiveWindow.USER32 ref: 0042C558
                                                                                            • Part of subcall function 0042EC20: ??2@YAPAXI@Z.MSVCR80 ref: 0042EC47
                                                                                            • Part of subcall function 0042EC20: Concurrency::details::GlobalCore::TopologyObject::TopologyObject.LIBCMTD ref: 0042EC66
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                            • Part of subcall function 0042F230: _DebugHeapAllocator.LIBCPMTD ref: 0042F268
                                                                                            • Part of subcall function 0042F230: _DebugHeapAllocator.LIBCPMTD ref: 0042F2AB
                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,?,00546DD4,?), ref: 0042C637
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0AE
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0CB
                                                                                            • Part of subcall function 004CC090: wcscpy.MSVCR80 ref: 004CC0DF
                                                                                            • Part of subcall function 004CC090: wcscat.MSVCR80 ref: 004CC0F8
                                                                                            • Part of subcall function 004CC090: CreateProcessW.KERNEL32 ref: 004CC124
                                                                                          Strings
                                                                                          • Do you want to open the folder where you extracted the effect?, xrefs: 0042C68F
                                                                                          • ManyCam Virtual Webcam, xrefs: 0042C68A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$CreateTopologymemset$??2@ActiveConcurrency::details::Core::DirectoryGlobalObjectObject::ProcessWindow_invalid_parameter_noinfowcscatwcscpy
                                                                                          • String ID: Do you want to open the folder where you extracted the effect?$ManyCam Virtual Webcam
                                                                                          • API String ID: 2966790006-840973437
                                                                                          • Opcode ID: 4456fef813581474ad17b04e903aea3c79cb10fd0b1b3a40ebacd1bc8f792851
                                                                                          • Instruction ID: 0e7f259c902b1048372bebf6408b9f5c93a9d60f78888f7267b81aec5d9c5c05
                                                                                          • Opcode Fuzzy Hash: 4456fef813581474ad17b04e903aea3c79cb10fd0b1b3a40ebacd1bc8f792851
                                                                                          • Instruction Fuzzy Hash: FD514AB09006289FCB24EB55DC51BEFB7B4AF45309F4041EDE10AA7281DB756B88CF99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C9B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C9E5
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C9F7
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,3D2007F9,000000FF,?,004AB79D), ref: 0042F974
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                                            • Part of subcall function 0042E150: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$DateFormat_invalid_parameter_noinfo
                                                                                          • String ID: www.manycam.com$www.manycam.com
                                                                                          • API String ID: 553431348-1145362033
                                                                                          • Opcode ID: 907b669c7419f88507c8a825532ba4f2d68d0285e46d80b14031e18f66ef58df
                                                                                          • Instruction ID: 55a663fd7b0127f2866d6ce172646f00f7e0cf50757378cb7dafc49b07509b25
                                                                                          • Opcode Fuzzy Hash: 907b669c7419f88507c8a825532ba4f2d68d0285e46d80b14031e18f66ef58df
                                                                                          • Instruction Fuzzy Hash: 47414271A001199BCB08DB99E891BEEB7B5FF48318F54412EE212B7391DB385944CBA9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AD340 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 117COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AD389
                                                                                            • Part of subcall function 004AC570: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AC59F
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_clock$AllocatorDebugHeap
                                                                                          • String ID: CFileMapping::GetClientInfo$Client %s connected at resolution %dx%d.$d
                                                                                          • API String ID: 3697921549-1386559697
                                                                                          • Opcode ID: 7fe720bde0584b662ff5a6456fcc0a7a9370bb05cd906dda38ab630ce944b94b
                                                                                          • Instruction ID: 7d5e3eb7a6a05b16b4464e10eb127672eeae9fc856bbeaa4b7ff7cd70146af52
                                                                                          • Opcode Fuzzy Hash: 7fe720bde0584b662ff5a6456fcc0a7a9370bb05cd906dda38ab630ce944b94b
                                                                                          • Instruction Fuzzy Hash: 5E515971D00109DFCB08DB94D892BEEBBB1FB65314F10822EE4126B6D2DB786A05CB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00473410 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184
                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734D8
                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734ED
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueWork
                                                                                          • String ID: Success.$Unspecified error.
                                                                                          • API String ID: 1131629171-706436185
                                                                                          • Opcode ID: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
                                                                                          • Instruction ID: bc827c14786d1c61271ce0a8054c91633283c620aa6f54ee5145cccaa2d137c5
                                                                                          • Opcode Fuzzy Hash: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
                                                                                          • Instruction Fuzzy Hash: BA417071801148EECB04EBD5D956BEEBBB4EF14308F10815EE416771D1EB782B08CBA6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B1320 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 109COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • _Smanip.LIBCPMTD ref: 004B1372
                                                                                            • Part of subcall function 00520530: memset.MSVCR80 ref: 00520538
                                                                                          • _Smanip.LIBCPMTD ref: 004B1421
                                                                                            • Part of subcall function 005204F0: CoTaskMemFree.OLE32(?,?,004B1A46,000000FF,000000FF,?,?,?,?,3D2007F9), ref: 005204FD
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Smanipclock$AllocatorDebugFreeHeapTaskmemset
                                                                                          • String ID: CGraphMgr::GetCameraResolution$vids
                                                                                          • API String ID: 3774843521-3834299117
                                                                                          • Opcode ID: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
                                                                                          • Instruction ID: e56a76c056f848615ba6731e9865e0c3898b4e488a6d99c30ba1f2ebbdeffdb9
                                                                                          • Opcode Fuzzy Hash: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
                                                                                          • Instruction Fuzzy Hash: 45411A70900209DFCB14DF95D991BDEBBB4BF48304F50819EE509AB392DB34AA45CFA4
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00418180 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SendMessageW.USER32(00000000,?,0000004E,00000000), ref: 004181E3
                                                                                          • SendMessageW.USER32(00000000,?,00000111), ref: 00418234
                                                                                            • Part of subcall function 004182A0: GetDlgCtrlID.USER32 ref: 004182AD
                                                                                            • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSend$CtrlParent
                                                                                          • String ID: open
                                                                                          • API String ID: 1383977212-2758837156
                                                                                          • Opcode ID: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                                          • Instruction ID: c0f4561a2c49f87f87505e6ad243b5dafbf5b9024aec12e38c733bc4d86155cd
                                                                                          • Opcode Fuzzy Hash: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                                          • Instruction Fuzzy Hash: FD313E70A042599FEF08DBA5DC51BFEBBB5BF48304F14415DE506B73C2CA38A9418B69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C870 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0042C916
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C93C
                                                                                          Strings
                                                                                          • ManyCam Virtual Webcam, xrefs: 0042C8DA
                                                                                          • The effect name is missing. Please name the effect., xrefs: 0042C8DF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueWork
                                                                                          • String ID: ManyCam Virtual Webcam$The effect name is missing. Please name the effect.
                                                                                          • API String ID: 1131629171-2986969597
                                                                                          • Opcode ID: 50f9dc068afc3ea2bc3b5c8dad93f4b45884fc86520afec70ce9849f97ae527c
                                                                                          • Instruction ID: f548a94b20067d4d2e648bd6b739c8dff4aaef88bf7f8ff5a9c1d1d40970e620
                                                                                          • Opcode Fuzzy Hash: 50f9dc068afc3ea2bc3b5c8dad93f4b45884fc86520afec70ce9849f97ae527c
                                                                                          • Instruction Fuzzy Hash: D63129B0A001099FCB08EF99D891BEEB7B5FF48318F10412EE516B72D1DB386944CB68
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0040D710 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 89memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0040D74B
                                                                                            • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                            • Part of subcall function 0040E970: GetWindowRect.USER32 ref: 0040E981
                                                                                          • MoveWindow.USER32(00000064,00000000,00000000,?,?,00000000,?,0053D874,00000000,?,00000499), ref: 0040D7C2
                                                                                            • Part of subcall function 0040E950: SendMessageW.USER32(00000000,00000445,?,0040D7DD), ref: 0040E963
                                                                                            • Part of subcall function 0040EFF0: SendMessageW.USER32(?,000000C5,00000000,00000000), ref: 0040F008
                                                                                            • Part of subcall function 0040E990: SetFocus.USER32(?,?,?,00434E57,?,00000000,?), ref: 0040E99D
                                                                                            • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                            • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                                            • Part of subcall function 00406670: GetWindowRect.USER32 ref: 004066C0
                                                                                            • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                            • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$AllocatorDebugHeapMessageParentRectSend$FocusInfoItemLongMoveParametersSystem
                                                                                          • String ID: d$d
                                                                                          • API String ID: 3921613472-195624457
                                                                                          • Opcode ID: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
                                                                                          • Instruction ID: 3ca6db3b2f9967b65cd4f0e061b2cad756e61815fc9b19dab2999dc164d22b62
                                                                                          • Opcode Fuzzy Hash: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
                                                                                          • Instruction Fuzzy Hash: F3312D71A01109AFDB04DFEDD995FAEB7B6AF48308F14455CF202B72C1CA74AA10CB68
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C720 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,3D2007F9,000000FF,?,004AB79D), ref: 0042F974
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • memset.MSVCR80 ref: 0042C7B2
                                                                                            • Part of subcall function 004CB2C0: _DebugHeapAllocator.LIBCPMTD ref: 004CB2DC
                                                                                          • UrlEscapeW.SHLWAPI(00000000,?,?,00000104,00003000,http://manycam.com/upload_effect?filepath=,?,3D2007F9), ref: 0042C7F2
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C81A
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 004CBEE0: _DebugHeapAllocator.LIBCPMTD ref: 004CBF12
                                                                                            • Part of subcall function 004CBEE0: ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 004CBF84
                                                                                          Strings
                                                                                          • http://manycam.com/upload_effect?filepath=, xrefs: 0042C782
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$EscapeExecuteShell_invalid_parameter_noinfomemset
                                                                                          • String ID: http://manycam.com/upload_effect?filepath=
                                                                                          • API String ID: 2685471194-4228746029
                                                                                          • Opcode ID: f474d8a17c69ee73db076593b281a7d49717d1ab03933d9e87b073d459428043
                                                                                          • Instruction ID: 1ebb1af0b2b9467f4388abbf65d4e58c0fdf4eb3bcc8d7c7d81431b3f3e3b6ed
                                                                                          • Opcode Fuzzy Hash: f474d8a17c69ee73db076593b281a7d49717d1ab03933d9e87b073d459428043
                                                                                          • Instruction Fuzzy Hash: 44315E71D01219ABCB14EF94EC99BEEB7B8EF48704F0001ADE516A72D0DB386A44CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004F7BB0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 75COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCR80 ref: 004F7BE9
                                                                                            • Part of subcall function 00407140: RegOpenKeyExW.ADVAPI32(?,80000002,00000000,00000000,00000000,80000002,SOFTWARE\ManyCam), ref: 00407162
                                                                                            • Part of subcall function 00407190: RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC
                                                                                          • GetFileAttributesW.KERNEL32(?,00000000,?,00000104,80000000,CLSID\{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}\InprocServer32,00020019), ref: 004F7C93
                                                                                          Strings
                                                                                          • CLSID\Wow6432Node\{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}\InprocServer32, xrefs: 004F7C29
                                                                                          • CLSID\{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}\InprocServer32, xrefs: 004F7C00
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AttributesFileOpenQueryValuememset
                                                                                          • String ID: CLSID\Wow6432Node\{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}\InprocServer32$CLSID\{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}\InprocServer32
                                                                                          • API String ID: 3939751075-913962288
                                                                                          • Opcode ID: 3840a6ca819f7f34091c4b7d5c6b2d5f23737126413177e4e2a7be65fe58f5f8
                                                                                          • Instruction ID: fe429155339af8bf9c2b104aac238ba22da98f5507a0d985da42f2aa98c5e5ac
                                                                                          • Opcode Fuzzy Hash: 3840a6ca819f7f34091c4b7d5c6b2d5f23737126413177e4e2a7be65fe58f5f8
                                                                                          • Instruction Fuzzy Hash: 56314074C8522C9ADB24EF10EC9DBE9B374AF24304F6001E9E509662D1DB786F85CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041D690 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 71COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          • Error opening properties for this camera., xrefs: 0041D751
                                                                                          • Error, xrefs: 0041D74C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Error$Error opening properties for this camera.
                                                                                          • API String ID: 0-2118436274
                                                                                          • Opcode ID: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
                                                                                          • Instruction ID: 147417b0d663a9565f7becfaf8392b6f7256af2672039c8dcafe371fef67c71d
                                                                                          • Opcode Fuzzy Hash: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
                                                                                          • Instruction Fuzzy Hash: 1B212CB0D00208EFDB04EFA5DD92BEEBBB4EB04718F10052EE416A72D1DB786945DB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00438A10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                            • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                          • clock.MSVCR80 ref: 00438AA7
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapclockfflushfwprintf
                                                                                          • String ID: >>> Entering: %s$ob@
                                                                                          • API String ID: 1338021872-1849792878
                                                                                          • Opcode ID: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                                          • Instruction ID: e5c4b020fe9bb3bd421ac8dd4bd2dede87d7f0cb66a8b34f549f2a89e30843bb
                                                                                          • Opcode Fuzzy Hash: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                                          • Instruction Fuzzy Hash: 9D216075900209AFDB04EF94C942AEEBB74FF44718F10852DF816A73C1DB746A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00418380 Relevance: 6.3, APIs: 4, Instructions: 316windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetFocus.USER32(?,000000FF,?,00000000,?,?), ref: 004186F4
                                                                                            • Part of subcall function 00408360: lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                                            • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                                            • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                            • Part of subcall function 00418A60: SetBkMode.GDI32(?,00000001), ref: 00418A71
                                                                                            • Part of subcall function 00418A40: SelectObject.GDI32(?,?), ref: 00418A51
                                                                                          • GetSysColor.USER32(00000011), ref: 004184AA
                                                                                            • Part of subcall function 00418810: DeleteDC.GDI32(00000000), ref: 00418824
                                                                                          • GetFocus.USER32(?,00000000,00000000,00000000,?,00000010,?,?), ref: 0041858A
                                                                                            • Part of subcall function 00418AF0: DrawTextW.USER32(00000000,?,00000000,?,000000FF), ref: 00418B0D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CompareFocusString$ClientColorDeleteDrawModeObjectRectSelectTextlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 1926319676-0
                                                                                          • Opcode ID: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
                                                                                          • Instruction ID: 8fd3581a3690b51667abaed722c69e7692ca1fee28cda492897b23429118541a
                                                                                          • Opcode Fuzzy Hash: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
                                                                                          • Instruction Fuzzy Hash: DCD1FA719002089FDB08DF95C891AEEBBB5FF48344F14811EE5166B392DF39A985CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004731C0 Relevance: 6.2, APIs: 4, Instructions: 177memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0047326B
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004732C6
                                                                                            • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00473373
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004733BF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap
                                                                                          • String ID:
                                                                                          • API String ID: 571936431-0
                                                                                          • Opcode ID: 8d22956a6eca960c08d3dff8719a7386b74edfd0f08a11446174f923434c786a
                                                                                          • Instruction ID: ba553dcd13a5858e603f1fb76aea40c35e3a739926aa5d8f94fbf40c4e6c359d
                                                                                          • Opcode Fuzzy Hash: 8d22956a6eca960c08d3dff8719a7386b74edfd0f08a11446174f923434c786a
                                                                                          • Instruction Fuzzy Hash: 38716C71D04248EFCB08EFA5C891BEEBBB1AF44304F10856EE416BB2D1DB385A05CB94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004377F0 Relevance: 6.1, APIs: 4, Instructions: 141COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437873
                                                                                            • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437893
                                                                                          • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437911
                                                                                          • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437931
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler$AllocatorDebugHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3769596188-0
                                                                                          • Opcode ID: ae50dedc5bff3189a4c5ee1f5f7d387c5ef5596cba0e4c588fdb73d77bb84b94
                                                                                          • Instruction ID: e04cd424ada27803d4de57edeb00dc09ccd5da108a2e1a4cd45ff0b3344883ed
                                                                                          • Opcode Fuzzy Hash: ae50dedc5bff3189a4c5ee1f5f7d387c5ef5596cba0e4c588fdb73d77bb84b94
                                                                                          • Instruction Fuzzy Hash: 2551C9B1D052089BCB08EFD5D851AEEBBB5EF48304F10816EE415AB391DB386905CB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005128B0 Relevance: 6.1, APIs: 4, Instructions: 129memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005128FB
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051292B
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00512953
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051297B
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                            • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E5EC
                                                                                            • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E623
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$wcscpy
                                                                                          • String ID:
                                                                                          • API String ID: 147117728-0
                                                                                          • Opcode ID: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
                                                                                          • Instruction ID: 4db675f979ab1b4fcf933bf1fc0f7ec6c4e65dab18244cadebc46eb2865c177d
                                                                                          • Opcode Fuzzy Hash: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
                                                                                          • Instruction Fuzzy Hash: FF512AB0906259DFEB14DF58D899BAEBBB5BF48304F1042EDE409A7281C7385E44CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004DBFF0 Relevance: 6.1, APIs: 4, Instructions: 119memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DC033
                                                                                            • Part of subcall function 004DBE90: _DebugHeapAllocator.LIBCPMTD ref: 004DBEC9
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DC086
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap
                                                                                          • String ID:
                                                                                          • API String ID: 571936431-0
                                                                                          • Opcode ID: c59892185d700c258966fea98a3a67c139e76443b60bb6cbe48b80099f68f78a
                                                                                          • Instruction ID: 57ad7a94b4f17953cceabe80b37dddf1255517824b701b9908fe33c64e9df595
                                                                                          • Opcode Fuzzy Hash: c59892185d700c258966fea98a3a67c139e76443b60bb6cbe48b80099f68f78a
                                                                                          • Instruction Fuzzy Hash: 855108B1D01209EFCB04DF98D991BEEBBB5EF48314F20821EE415A7381D7786A05CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00424150 Relevance: 6.1, APIs: 4, Instructions: 107COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041AA40: GetWindowLongW.USER32(?,3D2007F9), ref: 0041AA51
                                                                                            • Part of subcall function 0041E880: SetWindowLongW.USER32(3D2007F9,00000001,3D2007F9), ref: 0041E895
                                                                                          • memset.MSVCR80 ref: 00424199
                                                                                            • Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38
                                                                                          • memset.MSVCR80 ref: 0042420A
                                                                                            • Part of subcall function 00424CB0: SendMessageW.USER32(?,00000432,00000000,004234AC), ref: 00424CC8
                                                                                          • GetSysColor.USER32(0000000D), ref: 00424246
                                                                                            • Part of subcall function 00424C50: SendMessageW.USER32(?,00000413,00000000,00000000), ref: 00424C68
                                                                                          • GetSysColor.USER32(0000000E), ref: 0042425A
                                                                                            • Part of subcall function 00424C80: SendMessageW.USER32(?,00000414,00000000,00000000), ref: 00424C98
                                                                                            • Part of subcall function 00424BF0: SendMessageW.USER32(?,0000041A,00000000,00000000), ref: 00424C08
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSend$ColorLongWindowmemset
                                                                                          • String ID:
                                                                                          • API String ID: 364163598-0
                                                                                          • Opcode ID: ca4f91228ccd88ec06df88587eba8f35eadc2edbafeba585f7b4b6ebc1d4d150
                                                                                          • Instruction ID: b7621caee83b87087722d0fc06bec11bb6e010a42a84f963952b34725cf3772b
                                                                                          • Opcode Fuzzy Hash: ca4f91228ccd88ec06df88587eba8f35eadc2edbafeba585f7b4b6ebc1d4d150
                                                                                          • Instruction Fuzzy Hash: 5D410EB0A451289BDB04DB99DCA1FADBB75BF8C714F14021DF505BB3C2CA78A450CB69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004DBE90 Relevance: 6.1, APIs: 4, Instructions: 106memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DBEC9
                                                                                            • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                                          • ??2@YAPAXI@Z.MSVCR80 ref: 004DBF07
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004DBF32
                                                                                          • codecvt.LIBCPMTD ref: 004DBF91
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$??2@Base::Concurrency::details::PolicySchedulercodecvt
                                                                                          • String ID:
                                                                                          • API String ID: 2274784594-0
                                                                                          • Opcode ID: b34eaf5f8b4bc995a75b7663f0490cbbca256718e0fc2991ba0d564274ad3819
                                                                                          • Instruction ID: a5f5fe00beb6dc335f7db01107ea1e8339e23b863d8d973fd5a3badf8319c300
                                                                                          • Opcode Fuzzy Hash: b34eaf5f8b4bc995a75b7663f0490cbbca256718e0fc2991ba0d564274ad3819
                                                                                          • Instruction Fuzzy Hash: 4241C3B1D00209EFCB04DF99D855BEEBBB5FB48314F10822EE825A7380D7786A41CB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004CB670 Relevance: 6.1, APIs: 4, Instructions: 105memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CDD10: _DebugHeapAllocator.LIBCPMTD ref: 004CDD47
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                            • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap
                                                                                          • String ID:
                                                                                          • API String ID: 571936431-0
                                                                                          • Opcode ID: d8dd091d62933aa0e0d22cb533b24b345fb768a8967b578f071013b0fdbbec97
                                                                                          • Instruction ID: 38e3a450d274fc90888437ce31c1c227629e1880207a410873065ac097306c4e
                                                                                          • Opcode Fuzzy Hash: d8dd091d62933aa0e0d22cb533b24b345fb768a8967b578f071013b0fdbbec97
                                                                                          • Instruction Fuzzy Hash: 9B411771D01109EFDB04EFA5C992BEEBBB4AF14304F10852EE512B72D1DB746A08CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004233E0 Relevance: 6.1, APIs: 4, Instructions: 97COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0040DB90: EnableWindow.USER32(?,004233F6), ref: 0040DBA1
                                                                                          • memset.MSVCR80 ref: 00423401
                                                                                            • Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38
                                                                                          • memset.MSVCR80 ref: 00423472
                                                                                            • Part of subcall function 00424CB0: SendMessageW.USER32(?,00000432,00000000,004234AC), ref: 00424CC8
                                                                                          • GetSysColor.USER32(0000000D), ref: 004234AE
                                                                                            • Part of subcall function 00424C50: SendMessageW.USER32(?,00000413,00000000,00000000), ref: 00424C68
                                                                                          • GetSysColor.USER32(0000000E), ref: 004234C2
                                                                                            • Part of subcall function 00424C80: SendMessageW.USER32(?,00000414,00000000,00000000), ref: 00424C98
                                                                                            • Part of subcall function 00424BF0: SendMessageW.USER32(?,0000041A,00000000,00000000), ref: 00424C08
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSend$Colormemset$EnableWindow
                                                                                          • String ID:
                                                                                          • API String ID: 3254005938-0
                                                                                          • Opcode ID: 9547226adb342bfd39b01646857f65c79a1ef8127a810dff08a050f6dd987676
                                                                                          • Instruction ID: 106a6f500417accf57ea954c1e823afec406d325b5afcb2095aae49042dfd20f
                                                                                          • Opcode Fuzzy Hash: 9547226adb342bfd39b01646857f65c79a1ef8127a810dff08a050f6dd987676
                                                                                          • Instruction Fuzzy Hash: FF311270E441069BDB04DB99DCA2F7EB7B5AF88708F04811DF5157B3C2CA78A416CB69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00406040 Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Iatan$Isqrt
                                                                                          • String ID:
                                                                                          • API String ID: 1025909456-0
                                                                                          • Opcode ID: 57f5941b643651e987862c1e0d1d6f7d17b30a8860795f25dd51119af805d3df
                                                                                          • Instruction ID: 369849f07fd1038270b353e5a516803fc2d99b3ba7736fd5bc0cfa9b85f71fc3
                                                                                          • Opcode Fuzzy Hash: 57f5941b643651e987862c1e0d1d6f7d17b30a8860795f25dd51119af805d3df
                                                                                          • Instruction Fuzzy Hash: 8631E671609302EFC701AF44E64816ABFA4FFC1751FA18D88E4E922199D73198758F8B
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00403480 Relevance: 6.1, APIs: 4, Instructions: 80COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvPyrDown.CV099(?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034E8
                                                                                          • cvPyrDown.CV099(?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034F7
                                                                                          • cvSobel.CV099(?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B), ref: 0040350A
                                                                                          • cvSobel.CV099(?,?,00000000,00000001,00000003,?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007), ref: 0040351D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: DownSobel
                                                                                          • String ID:
                                                                                          • API String ID: 2091289516-0
                                                                                          • Opcode ID: 608739ef99aa2b8ac6037748a2c71a64cfb87480d08a35d0b3f2b324fed52bd1
                                                                                          • Instruction ID: b26035920ab24ae20490de8e438dd73d2ed62edcb4c8bde505a6cb4d7121f0fe
                                                                                          • Opcode Fuzzy Hash: 608739ef99aa2b8ac6037748a2c71a64cfb87480d08a35d0b3f2b324fed52bd1
                                                                                          • Instruction Fuzzy Hash: 46215EB5700701ABD724DE28DD81F67B7E9BB88711F448929FA869B6D0C671F5018B10
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050DF50 Relevance: 6.1, APIs: 4, Instructions: 77memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050DF91
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050DFAD
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                                          • ?Decode@CxImage@@QAE_NPAEKK@Z.CXIMAGECRT(?,?,00000000,?,?,?,?), ref: 0050DFFE
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 0050E00D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$??3@Decode@Image@@
                                                                                          • String ID:
                                                                                          • API String ID: 2750522454-0
                                                                                          • Opcode ID: 769ab098ef2205272df9c02d6f4271a03703872ce89b94fc88ef9a4cb5e21456
                                                                                          • Instruction ID: 3c37372c448fd1ff81ab42699f4e176843c1d29902be1aeb85d09944e11fd3e7
                                                                                          • Opcode Fuzzy Hash: 769ab098ef2205272df9c02d6f4271a03703872ce89b94fc88ef9a4cb5e21456
                                                                                          • Instruction Fuzzy Hash: 9B3118B1D05248EFCB04DFA8D985BDEBBB4FB48314F10861DF815A7281DB746A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00446480 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetTopWindow.USER32(?), ref: 0044648F
                                                                                          • GetWindow.USER32(00000000,00000002), ref: 004464A0
                                                                                          • SendMessageW.USER32(00000000,?,?,?), ref: 004464BF
                                                                                          • GetTopWindow.USER32(00000000), ref: 004464CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$MessageSend
                                                                                          • String ID:
                                                                                          • API String ID: 1496643700-0
                                                                                          • Opcode ID: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
                                                                                          • Instruction ID: 5599d8aec985cfa69e8589d1268fc08193e69a2bbc754be235a44f600a99598a
                                                                                          • Opcode Fuzzy Hash: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
                                                                                          • Instruction Fuzzy Hash: 9411FA75A00208FFDB04DFE8D944EAE77B9AB88300F10855EFA0697390D734AE05DB69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00491B50 Relevance: 6.0, APIs: 4, Instructions: 50COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,3D2007F9,00531700,000000FF,?,00495099), ref: 00491B68
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,3D2007F9,00531700,000000FF,?,00495099), ref: 00491B83
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,3D2007F9,00531700,000000FF,?,00495099,?), ref: 00491BA9
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,3D2007F9,00531700,000000FF,?,00495099,?), ref: 00491BB3
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Myptr@?$basic_string@_U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@_invalid_parameter_noinfo
                                                                                          • String ID:
                                                                                          • API String ID: 2188846742-0
                                                                                          • Opcode ID: cf415323ecff6b965b9dcc6927c72044f43967f3e5d630dff8fedc2412618fef
                                                                                          • Instruction ID: 54e63703126b4be510269095b0d1381d719784210473edfb5369c30f1e79e64e
                                                                                          • Opcode Fuzzy Hash: cf415323ecff6b965b9dcc6927c72044f43967f3e5d630dff8fedc2412618fef
                                                                                          • Instruction Fuzzy Hash: 1C11C634A0000ADFCF14DF58C694CADBBB2EF99315B2182A9E9055B361EB34BF45DB84
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00475460 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Delete$??3@Objectmemset
                                                                                          • String ID:
                                                                                          • API String ID: 2240089121-0
                                                                                          • Opcode ID: f775acb041dbfe5c56a33f25cd465f9aa31629570cacb76639abf9799f9fa6fa
                                                                                          • Instruction ID: 33d3a3a66d25ed9f4d03f09c9153b39c32194220fa2733effb8460e3d87a6c1a
                                                                                          • Opcode Fuzzy Hash: f775acb041dbfe5c56a33f25cd465f9aa31629570cacb76639abf9799f9fa6fa
                                                                                          • Instruction Fuzzy Hash: 55112AB4A00208EFDB44DF94D888B9EBBB1FF84315F548098D9052B391D779EA85CF80
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004223E0 Relevance: 6.0, APIs: 4, Instructions: 43windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCR80 ref: 00422406
                                                                                            • Part of subcall function 004232A0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004232B6
                                                                                          • wcslen.MSVCR80 ref: 00422427
                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000000), ref: 00422448
                                                                                          • SendMessageW.USER32(?,0000100F,?,00000000), ref: 00422460
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSend$memsetwcslen
                                                                                          • String ID:
                                                                                          • API String ID: 1629969563-0
                                                                                          • Opcode ID: 27b4e246d41088bd54c352e73dc6f3ec4014a33d544db1ace6c82cc66d73829c
                                                                                          • Instruction ID: fd28faf10420b3e9cf0d4e7cd47fee78e406ddaa3a8982db2d9a389e17546391
                                                                                          • Opcode Fuzzy Hash: 27b4e246d41088bd54c352e73dc6f3ec4014a33d544db1ace6c82cc66d73829c
                                                                                          • Instruction Fuzzy Hash: F901E9B1D00208EBEB14DFD0EC8ABDEBBB5BB58704F044118F601AB391DB75A9058B95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00403340 Relevance: 6.0, APIs: 4, Instructions: 37COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,00000000,00401253,?,?), ref: 00403347
                                                                                          • cvCreateImage.CXCORE099(?,?,00000008,00000001,00401253,?,?), ref: 00403366
                                                                                          • cvReleaseMat.CXCORE099(000000A4,00401253,?,?), ref: 0040337A
                                                                                          • cvReleaseImage.CXCORE099(000000A0,00401253,?,?), ref: 00403388
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CreateImageRelease
                                                                                          • String ID:
                                                                                          • API String ID: 3144300847-0
                                                                                          • Opcode ID: ffbb64d3606a58d76dd273cbc426d93207a52b513e33f185116b626fbda38bd7
                                                                                          • Instruction ID: 4452188ac5ececaf9476ffc26b46a09e5286b645042c6e493afe79c57806edd9
                                                                                          • Opcode Fuzzy Hash: ffbb64d3606a58d76dd273cbc426d93207a52b513e33f185116b626fbda38bd7
                                                                                          • Instruction Fuzzy Hash: 9DF0E0B5500312B6E7206F146C4AB9B7B94AF52301F040425FE44652C0FB749991C656
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005212D0 Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212D9
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212E6
                                                                                          • CreateThread.KERNEL32 ref: 00521303
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00521311
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$Leave$CreateEnterThread
                                                                                          • String ID:
                                                                                          • API String ID: 2283434278-0
                                                                                          • Opcode ID: 418f5b227edb57f9a6f757c2f81d22d4be826a1a10dd088fbaa45c80337aa0d5
                                                                                          • Instruction ID: 8814811c4dcae3b6cb02d0e2ce8d72e62d21bf38926ec32fb9567c6bbb799682
                                                                                          • Opcode Fuzzy Hash: 418f5b227edb57f9a6f757c2f81d22d4be826a1a10dd088fbaa45c80337aa0d5
                                                                                          • Instruction Fuzzy Hash: 01F03E72201610AAE3705B55FC08BD77BB8EFD1B62F10051EF106D15D0D7A06445D765
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041E370 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MetricsSystem
                                                                                          • String ID:
                                                                                          • API String ID: 4116985748-0
                                                                                          • Opcode ID: 22b1d73353d5bc3e7bbfce1216fdfc9bbe2c5f0851a8470d3ca0ef857e634515
                                                                                          • Instruction ID: 0309d501508c84c491e30ef2097f10fb6b95fe06418acfa07dbdd42ca1e239de
                                                                                          • Opcode Fuzzy Hash: 22b1d73353d5bc3e7bbfce1216fdfc9bbe2c5f0851a8470d3ca0ef857e634515
                                                                                          • Instruction Fuzzy Hash: 69018078E00209AFE704DF94E8499ACBBB1FF58300F1482AAEE5997781DB702A54DB45
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00488730 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488724,3D2007F9,0049A100,3D2007F5,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?), ref: 00488737
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488724,3D2007F9,0049A100,3D2007F5,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?,0049A100), ref: 00488742
                                                                                          • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,?,?,00488724,3D2007F9,0049A100,3D2007F5,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488759
                                                                                          • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488724,3D2007F9,0049A100,3D2007F5,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488766
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$??4?$basic_string@_?erase@?$basic_string@_V01@V01@@V12@
                                                                                          • String ID:
                                                                                          • API String ID: 3537912873-0
                                                                                          • Opcode ID: 5056e8f042ebb5b06e388abe9d7013084b117bbf253dc20301d42485009f9af0
                                                                                          • Instruction ID: 68c4d93e9c4a580dced358607109a40fa72366f08dc93a0fa3c65411e4fd161c
                                                                                          • Opcode Fuzzy Hash: 5056e8f042ebb5b06e388abe9d7013084b117bbf253dc20301d42485009f9af0
                                                                                          • Instruction Fuzzy Hash: 6CE01235200108AFEB14EF54EC58D99777BFB98391F008125FA0A8B362DB30AD44DB94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00435780 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 159COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 4NC$4NC
                                                                                          • API String ID: 0-1717309502
                                                                                          • Opcode ID: 636313644eab2cc9ed53f4b1fb6c7fe5ccbcacf0ac8ecf14d2ef5cb6642a3b42
                                                                                          • Instruction ID: edff85f3833ba22acf9ab8710c3cb5385f553245e4d39bd84e7972ae7c9abc0b
                                                                                          • Opcode Fuzzy Hash: 636313644eab2cc9ed53f4b1fb6c7fe5ccbcacf0ac8ecf14d2ef5cb6642a3b42
                                                                                          • Instruction Fuzzy Hash: 93616D70900508DFDB08EFA6D896BEEBBB5BF44318F10452EE5166B2D1DB782945CB88
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050DC80 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0050F800: _DebugHeapAllocator.LIBCPMTD ref: 0050F815
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050DCC9
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap
                                                                                          • String ID: MCE-$_mAnnnYca@aM_
                                                                                          • API String ID: 571936431-899104912
                                                                                          • Opcode ID: f40b280ed1325e6bba48490bd75d2d284572e43d25bd79c82fdd87b9afc39f8c
                                                                                          • Instruction ID: 1e720448ac6b5cb3d8f353a52fb492bd5fc10a5b1a629d097a1df7f28f5dd433
                                                                                          • Opcode Fuzzy Hash: f40b280ed1325e6bba48490bd75d2d284572e43d25bd79c82fdd87b9afc39f8c
                                                                                          • Instruction Fuzzy Hash: 03715A30905258CBEB24DB54CD64FADBBB6BF61304F1482D8D5096B2C2CB75AE84CF65
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B3190 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157comCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • OleCreatePropertyFrame.OLEAUT32(?,00000000,00000000,?,00000001,?,00000000,?,00000000,00000000,00000000), ref: 004B335F
                                                                                          • CoTaskMemFree.OLE32(?,?,?,3D2007F9), ref: 004B337C
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • CGraphMgr::ShowCameraProperties, xrefs: 004B31C1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: clock$AllocatorCreateDebugFrameFreeHeapPropertyTask
                                                                                          • String ID: CGraphMgr::ShowCameraProperties
                                                                                          • API String ID: 2338886374-3071715877
                                                                                          • Opcode ID: b892e083cea794b7bef9db6e71d19fafbfb14f69ee18f4ad05b9c8b3defac545
                                                                                          • Instruction ID: 691d08390fa4834040d12ba73b1f3886b5f8bcf1a23ad6f21803c9f1b6b811bf
                                                                                          • Opcode Fuzzy Hash: b892e083cea794b7bef9db6e71d19fafbfb14f69ee18f4ad05b9c8b3defac545
                                                                                          • Instruction Fuzzy Hash: 7B611571904618DBDB14DF95CC95BEEB7B4BF48304F10419AE00AAB291DB786F84CFA4
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050D9E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateDirectoryW.KERNEL32(0050E57A,00000000,3D2007F9), ref: 0050DA14
                                                                                          • wcscat.MSVCR80 ref: 0050DA27
                                                                                            • Part of subcall function 00500B70: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(0050DAA4,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500B86
                                                                                            • Part of subcall function 00500BF0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(?,?,0050DAB6,?,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500C04
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ?fail@ios_base@std@@$CreateDirectorywcscat
                                                                                          • String ID: zP
                                                                                          • API String ID: 2898546159-257844785
                                                                                          • Opcode ID: 4f0b56061c965f2f2cf825f5a83e1c041622dd382fe08cce812f0975218b0ce2
                                                                                          • Instruction ID: fef8abd74728a25b5cf643a3bcb35e4a0f4abb1658a775f4a695eedb0014710f
                                                                                          • Opcode Fuzzy Hash: 4f0b56061c965f2f2cf825f5a83e1c041622dd382fe08cce812f0975218b0ce2
                                                                                          • Instruction Fuzzy Hash: 7F414970A012189FDB24DB54CD56FAEBBB4BF84310F008299E2096B2D1DB70AE84CF51
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041E140 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 98COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                                            • Part of subcall function 0041A3B0: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                                            • Part of subcall function 0041DE10: ??_V@YAXPAX@Z.MSVCR80 ref: 0041DE55
                                                                                            • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                                            • Part of subcall function 0041AA40: GetWindowLongW.USER32(?,3D2007F9), ref: 0041AA51
                                                                                            • Part of subcall function 0041E880: SetWindowLongW.USER32(3D2007F9,00000001,3D2007F9), ref: 0041E895
                                                                                          • SetLayeredWindowAttributes.USER32(?,00000000,000000B2,00000002,000000EC,00000000,000000EC,0000000A,0000000A,0000002D,00000014,00000001,Apply the selection,button,00000000,3D2007F9), ref: 0041E1F1
                                                                                            • Part of subcall function 0041E8B0: MoveWindow.USER32(?,?,00000000,?,00000000,00000001,-00000003,?,0041E25F,?,00000001,?,?), ref: 0041E8E7
                                                                                            • Part of subcall function 0041E370: GetSystemMetrics.USER32 ref: 0041E37B
                                                                                            • Part of subcall function 0041E370: GetSystemMetrics.USER32 ref: 0041E386
                                                                                            • Part of subcall function 0041E370: GetSystemMetrics.USER32 ref: 0041E391
                                                                                            • Part of subcall function 0041E370: GetSystemMetrics.USER32 ref: 0041E3A2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$AllocatorDebugHeapMetricsSystem$LongMove$AttributesImage@@ItemLayeredLoad@
                                                                                          • String ID: Apply the selection$button
                                                                                          • API String ID: 70508497-2603280126
                                                                                          • Opcode ID: 325f42cf690be37cc5bd74bc9656fe42c8c439b5651ae68e07e9d9de847688b4
                                                                                          • Instruction ID: 04a5c8e6f4919bc5989b0440a3589c8b02fa676512b2dbfed97fa3f5bca5e94e
                                                                                          • Opcode Fuzzy Hash: 325f42cf690be37cc5bd74bc9656fe42c8c439b5651ae68e07e9d9de847688b4
                                                                                          • Instruction Fuzzy Hash: 6D310B70A40208ABDB08EBA5DD92FADB775AF44718F10011EF502A72D2DB797941CB59
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00435670 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 82memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                            • Part of subcall function 0041E040: SendMessageW.USER32(?,000000F5,00000000,00000000), ref: 0041E056
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00435704
                                                                                          • memcpy.MSVCR80(00000020,00000000,00000000,00000000,?,?,?,3D2007F9,00000001,00000000,?,?,?,00000020,?,00000000), ref: 00435723
                                                                                            • Part of subcall function 00419570: PostMessageW.USER32(?,00000000,?,?), ref: 00419589
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • CMainDlg::OpenAddEffectDialog, xrefs: 00435698
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapMessageclock$PostSendmemcpy
                                                                                          • String ID: CMainDlg::OpenAddEffectDialog
                                                                                          • API String ID: 7737251-3153126156
                                                                                          • Opcode ID: 5a6f9c85550b11fb3c54acd39933119bb4ee69e21832babafbe1f14f516fe882
                                                                                          • Instruction ID: f2d46c62957b3d269f85c1c68510b4d6c97596dd61a1effc0ae980705c6bf08d
                                                                                          • Opcode Fuzzy Hash: 5a6f9c85550b11fb3c54acd39933119bb4ee69e21832babafbe1f14f516fe882
                                                                                          • Instruction Fuzzy Hash: 3E314FB1D01118ABDB04EFA5D852BEEBBB4FF48314F00452EE416A72D1DB39AA44CB65
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041EED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetSystemMetrics.USER32 ref: 0041EEDD
                                                                                            • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                                            • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                            • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                                            • Part of subcall function 00406670: GetWindowRect.USER32 ref: 004066C0
                                                                                            • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                            • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                            • Part of subcall function 00408120: ??_V@YAXPAX@Z.MSVCR80 ref: 0040815C
                                                                                            • Part of subcall function 00408120: lstrlenW.KERNEL32(0040641C,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 00408172
                                                                                            • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                                          • MoveWindow.USER32(00000000,00000000,00000001,000000E7,0000005F,00000048,00000017,00000001,00000113,00000034,000000C6,00000017,00000001,http://www.manycam.com/codec,00000000,00000211), ref: 0041EF99
                                                                                          Strings
                                                                                          • http://www.manycam.com/codec, xrefs: 0041EF48
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$MoveParentSystem$InfoItemLongMetricsParametersRectlstrlen
                                                                                          • String ID: http://www.manycam.com/codec
                                                                                          • API String ID: 3918154117-1165702928
                                                                                          • Opcode ID: 3c772632c4e0218f7060b3e77bd1fd24f4dad1a2c19bf84bf2807e60cca908d2
                                                                                          • Instruction ID: 149f93423e983da9d283a3b54f422c1b69b7f72d1b3e7c1b80e5497dd6e0fc8b
                                                                                          • Opcode Fuzzy Hash: 3c772632c4e0218f7060b3e77bd1fd24f4dad1a2c19bf84bf2807e60cca908d2
                                                                                          • Instruction Fuzzy Hash: 5C110D70B802096BFB18E7A5CC67FBE7225AF44708F00042DB717BA2C2DAB96520865D
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C4AC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000,00000000), ref: 004C4AD1
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000), ref: 004C4AEE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: X?S
                                                                                          • API String ID: 3215553584-928156776
                                                                                          • Opcode ID: 300afce18172fda367b1e5a93a3139029df3230341556c5fc4a0edfbb8e029cc
                                                                                          • Instruction ID: 6e252d52473bf057cc5c9ab3544af976a75f27afc912d5b1b1ccf3972680467b
                                                                                          • Opcode Fuzzy Hash: 300afce18172fda367b1e5a93a3139029df3230341556c5fc4a0edfbb8e029cc
                                                                                          • Instruction Fuzzy Hash: 7B214178E00204EFCB44EFA5C6A0E6FBB75AF89315B14819EE4055B311D738EE41CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00490E90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6,000000FF), ref: 00490EA1
                                                                                          • _invalid_parameter_noinfo.MSVCR80(00000003,?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6), ref: 00490EBE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: _1I
                                                                                          • API String ID: 3215553584-1375489561
                                                                                          • Opcode ID: f8a0f0cd8858169583a3bfb7bac23ac9426c047314b7327a1f008bdd9c0947f0
                                                                                          • Instruction ID: 39ed61a2cd6add22cacd6874f090497504692926125bc87bb284fc13d1f3f6b2
                                                                                          • Opcode Fuzzy Hash: f8a0f0cd8858169583a3bfb7bac23ac9426c047314b7327a1f008bdd9c0947f0
                                                                                          • Instruction Fuzzy Hash: 12213E74A00204EFCF04EFA5C58086EBF76AF89315B1489AEE4459B305CB38EA41CBA4
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00407190 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67registryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: QueryValue
                                                                                          • String ID: zL$zL
                                                                                          • API String ID: 3660427363-3006479296
                                                                                          • Opcode ID: 9f65d8b26e372b6834f41cd3cc3a1fe9bf163b5c16fb74d4df2668fbdcee74fa
                                                                                          • Instruction ID: fe241e5347fe9cda23539dab786d815e97edc30d153e6fd0c4fb1542d65cb657
                                                                                          • Opcode Fuzzy Hash: 9f65d8b26e372b6834f41cd3cc3a1fe9bf163b5c16fb74d4df2668fbdcee74fa
                                                                                          • Instruction Fuzzy Hash: 90211074A04209EBDB18CF99C454BAFB7B1FF84300F1085AEE911AB3D0D778A941CB96
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00427F30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 51COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SetTextColor.GDI32(,0059762F), ref: 00427FCA
                                                                                          • SetBkMode.GDI32(?,00000001), ref: 00427FD6
                                                                                            • Part of subcall function 005239F0: __onexit.MSVCRT ref: 005239F4
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ColorModeText__onexit
                                                                                          • String ID:
                                                                                          • API String ID: 1701786345-2740779761
                                                                                          • Opcode ID: 689978be591b18eec5e87da8d3ec2dc317c5454d46cfb10375b040861179c69b
                                                                                          • Instruction ID: 1cf352d44300871225d6d724bb19b2db8170b7edca805ab37ad0752b5d1858d6
                                                                                          • Opcode Fuzzy Hash: 689978be591b18eec5e87da8d3ec2dc317c5454d46cfb10375b040861179c69b
                                                                                          • Instruction Fuzzy Hash: 661188B1A047189BCB04DF98EC96B6A7BF9FB4A710F004A1AF511977C0CBB56804DB09
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004535B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                            • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                          • clock.MSVCR80 ref: 00453606
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00453624
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapclockfflushfwprintf
                                                                                          • String ID: Entering: %s
                                                                                          • API String ID: 1338021872-1508582857
                                                                                          • Opcode ID: 0a03b20c66a4bdf864266057b93037efe44b4c8f81b8abca9714b6f92b0e190a
                                                                                          • Instruction ID: 630723a52c49dda7b07cbf3efddf69ebd1aec7d1a56bd84d85dfb89b8348d68f
                                                                                          • Opcode Fuzzy Hash: 0a03b20c66a4bdf864266057b93037efe44b4c8f81b8abca9714b6f92b0e190a
                                                                                          • Instruction Fuzzy Hash: CE1130B5904209EFDB04DF98D841AAEB7B4FF48714F00865DF82597381D7746904CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AE2E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE2EF
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE32B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: CJ
                                                                                          • API String ID: 3215553584-1577928124
                                                                                          • Opcode ID: 70cad1bad6b93677a8aa04d1a4551bdbb9f1c5421a9a58d61efe08efc66d9194
                                                                                          • Instruction ID: 1e5a07180b79b9d77b03a7b872fd22e8548e40f80d8fa90e55785185c90aae0e
                                                                                          • Opcode Fuzzy Hash: 70cad1bad6b93677a8aa04d1a4551bdbb9f1c5421a9a58d61efe08efc66d9194
                                                                                          • Instruction Fuzzy Hash: A401D731600008DFCB08DF59D694A6EFBB6EF66301F258199E9069B355C734AE50DB88
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004E29E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E29EF
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E2A25
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: CN
                                                                                          • API String ID: 3215553584-3860229782
                                                                                          • Opcode ID: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                                          • Instruction ID: 055c263bba3631ac84532d8d275a506bca3ff744e03e32cc4505f628b268f32f
                                                                                          • Opcode Fuzzy Hash: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                                          • Instruction Fuzzy Hash: 6D110234A00049EFCB14DF45C280DADB7B6FB99305B25C299E8068B315DB31AF46DB84
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00412C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C2F
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C65
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: C A
                                                                                          • API String ID: 3215553584-432193327
                                                                                          • Opcode ID: dd3759dd0edff71de197c755aad0b75e312425a4acb4d65829b04bcd21f34736
                                                                                          • Instruction ID: d50c8c72ee7c7c5e73367f5c550ec2d48e9c8be17f747839894a4a99daa275eb
                                                                                          • Opcode Fuzzy Hash: dd3759dd0edff71de197c755aad0b75e312425a4acb4d65829b04bcd21f34736
                                                                                          • Instruction Fuzzy Hash: 0E01E931600008DFCB08CF48D7D49ADFBB6EF69345B668199E5069B315D730EE90DB98
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00413CB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CBF
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CF5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: c7A
                                                                                          • API String ID: 3215553584-604798297
                                                                                          • Opcode ID: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                                          • Instruction ID: 4f8a117557595d7ace3a85e6c39e7ac69620622392f626f59c62cc3483bdb0bb
                                                                                          • Opcode Fuzzy Hash: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                                          • Instruction Fuzzy Hash: 3511D335A00009EFCB14DF48C290C9DB7B6FF99305B258199E9069B315EB31AF86DB88
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004228B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCursorInfo.USER32(00000014), ref: 004228C4
                                                                                          • ScreenToClient.USER32 ref: 004228D5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ClientCursorInfoScreen
                                                                                          • String ID: (B
                                                                                          • API String ID: 1381309574-891251851
                                                                                          • Opcode ID: 183b5d1f9ba3f3a11c0528ae00216a5e4976ffd3210267904aec7597f6dd3387
                                                                                          • Instruction ID: 56ec9ec03ba55985748cef6039b39fbaea006a6cc74428b082933960e72c1f85
                                                                                          • Opcode Fuzzy Hash: 183b5d1f9ba3f3a11c0528ae00216a5e4976ffd3210267904aec7597f6dd3387
                                                                                          • Instruction Fuzzy Hash: 89F0ECB5A00209AFCB04DF98D985C9EBBB9FF88310F10C158FA49A7350D730EA45DB91
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B7880 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00454C20: _time64.MSVCR80 ref: 00454C25
                                                                                          • fwprintf.MSVCR80 ref: 004B78B3
                                                                                          • fflush.MSVCR80 ref: 004B78C3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _time64fflushfwprintf
                                                                                          • String ID: | %x %X |
                                                                                          • API String ID: 804399740-1669508960
                                                                                          • Opcode ID: a995debcebdf332dee2d0cd15bea4d7e243787ad81cf3f31d987c7b7fad9b84e
                                                                                          • Instruction ID: 998b554e6e78045c2d5deda0b84162204a47a87edbaee598bb3a96ab0b245df9
                                                                                          • Opcode Fuzzy Hash: a995debcebdf332dee2d0cd15bea4d7e243787ad81cf3f31d987c7b7fad9b84e
                                                                                          • Instruction Fuzzy Hash: 4BF05471C01108ABDF04FB95DD868AEB738FF54309B5045A9E91667242DB34AA1CCBE5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004150C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: memmove_s
                                                                                          • String ID: nAA$nAA
                                                                                          • API String ID: 1646303785-1657967095
                                                                                          • Opcode ID: 48a814f637bbc169a426d2c1a272fa5cac1a1cc5ee3381e8494429463483b6d0
                                                                                          • Instruction ID: 831bdc283bfef77eb9b1cad694d4ede0d3f081278f3ad19dba345cc0dbbac6ca
                                                                                          • Opcode Fuzzy Hash: 48a814f637bbc169a426d2c1a272fa5cac1a1cc5ee3381e8494429463483b6d0
                                                                                          • Instruction Fuzzy Hash: 0CF0D47090010DEFCB14DF9CC885D9EBBB8FB88344F10829DE919A7300E630EAA5CB90
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00452560 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCR80 ref: 00452578
                                                                                          • SendMessageW.USER32(00000000,0000102B,00000003,00000000), ref: 0045259F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.195031279.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000001.00000002.195027808.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195052371.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195062564.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195068228.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195072948.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.195079725.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSendmemset
                                                                                          • String ID: sF
                                                                                          • API String ID: 568519121-1799171085
                                                                                          • Opcode ID: 4f7f968d2f1bddc4f09a461e00c76bc8674273fced99d0374c36e351c40e598a
                                                                                          • Instruction ID: 820b5049f95e3a72b0bc4be9787ca9bc2384040a12e4f1db62f2bb420236fa95
                                                                                          • Opcode Fuzzy Hash: 4f7f968d2f1bddc4f09a461e00c76bc8674273fced99d0374c36e351c40e598a
                                                                                          • Instruction Fuzzy Hash: BEF07AB5D44208ABDB14DF94E885EDEB779BB58700F008119F915A7380E770A9158B95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Non-executed Functions

                                                                                          Function 004164A0 Relevance: 6.1, APIs: 4, Instructions: 97filestringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416650: FindClose.KERNEL32(55C35DE5,00000000,?,004164B1,00000000,000001E2,-0000012B), ref: 00416686
                                                                                          • lstrlenW.KERNEL32(00000000,00000000,000001E2), ref: 004164C4
                                                                                          • FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                          • GetFullPathNameW.KERNEL32(00000000,00000104,?,00000000), ref: 0041652C
                                                                                          • SetLastError.KERNEL32(0000007B), ref: 0041654D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Find$CloseErrorFileFirstFullLastNamePathlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 333540133-0
                                                                                          • Opcode ID: 171f62d7d2e46f7442e9afe65942f367c9dc7a9140c3c81f7060891864299191
                                                                                          • Instruction ID: f4e42fcc4f8ec7ae6713741ac17fac935eec9a5453ba0a6ca1ec1d98cf041219
                                                                                          • Opcode Fuzzy Hash: 171f62d7d2e46f7442e9afe65942f367c9dc7a9140c3c81f7060891864299191
                                                                                          • Instruction Fuzzy Hash: 8E413AB0A00219AFDB00DFA4DC84BEE77B2BF44305F11856AE515AB385C778D984CB98
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00512040 Relevance: 67.0, APIs: 29, Strings: 9, Instructions: 499memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                            • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                                            • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,00000001,\ManyCam,00000000,00569E94,?,00569E90,?,00569E8C,?,00000000,00000000), ref: 0051221A
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051222B
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00512251
                                                                                            • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                                            • Part of subcall function 004CC140: wcscpy_s.MSVCR80 ref: 004CC168
                                                                                            • Part of subcall function 004CC140: SHFileOperationW.SHELL32(00000000), ref: 004CC1BD
                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,NewEffect,00569EAC,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,F30A7BBC), ref: 00512270
                                                                                          • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569ED4,640x480,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 005122D0
                                                                                          • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569EE8,352x288,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 0051234A
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,F30A7BBC), ref: 00512372
                                                                                          • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,F30A7BBC), ref: 00512383
                                                                                          • ?SetRetreiveAllFrames@CxImage@@QAEX_N@Z.CXIMAGECRT(00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,F30A7BBC), ref: 00512390
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,F30A7BBC), ref: 005123A6
                                                                                          • ~_Mpunct.LIBCPMTD ref: 005123C8
                                                                                            • Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
                                                                                            • Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB
                                                                                          • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,F30A7BBC), ref: 005123F6
                                                                                          • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C), ref: 00512474
                                                                                          • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,00000002,F30A7BBC), ref: 005124F5
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,F30A7BBC), ref: 0051250B
                                                                                          • ?GetFrameDelay@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,F30A7BBC), ref: 00512516
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000), ref: 005125AD
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000), ref: 005125B6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$AllocatorDebugHeap$CreateDirectoryFrames@$Frame@Load@$Delay@DestroyDestroy@FileFolderFrameHeight@MpunctOperationPathRetreiveSpecialWidth@_wmkdirwcscpy_s
                                                                                          • String ID: .mce$352x288$640x480$InternalProperties$NewEffect$\ManyCam$blocked=0type_id=%dcategory_name=%screator_info=preview=%s$preview.jpg$preview.jpg
                                                                                          • API String ID: 2719232945-3254136489
                                                                                          • Opcode ID: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                                          • Instruction ID: 9b3459efdfe137e0bd21340dd663e66a4f958181f4942486322fc66185ab85f6
                                                                                          • Opcode Fuzzy Hash: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                                          • Instruction Fuzzy Hash: D43219B19002599BDB24EB65CC95BEEBBB8BF44304F0041EDE509A7282DB746F84CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004FE9C0 Relevance: 63.2, APIs: 19, Strings: 17, Instructions: 153memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA15
                                                                                            • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA2B
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA41
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA57
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA6D
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA83
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEA99
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEAAF
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEACA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEAE0
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEAF6
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB0C
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB22
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB38
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB4E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB64
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB90
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FEB9C
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,00000000,data\effect_data\dateTime\,?,?,F30A7BBC), ref: 004FEBB2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: clock_analog_black.png$clock_analog_blue.png$clock_analog_green.png$clock_analog_orange.png$clock_analog_pink.png$clock_analog_violet.png$clock_analog_white.png$clock_analog_yellow.png$clock_digital_black.png$clock_digital_blue.png$clock_digital_green.png$clock_digital_orange.png$clock_digital_pink.png$clock_digital_violet.png$clock_digital_white.png$clock_digital_yellow.png$data\effect_data\dateTime\
                                                                                          • API String ID: 1315443971-1631216271
                                                                                          • Opcode ID: 747f7d782d11fa2e0d7beee0116b0fc85c130efa3bd3a1f2cfbfa411f50ad014
                                                                                          • Instruction ID: 9f3b7328a67c5534ac5b9426a16a074336d8bfd3d1576c03120503d92f7e5980
                                                                                          • Opcode Fuzzy Hash: 747f7d782d11fa2e0d7beee0116b0fc85c130efa3bd3a1f2cfbfa411f50ad014
                                                                                          • Instruction Fuzzy Hash: AE512B30D0020ADBCB14EB91C952AFFB771BB1170AF61446EE121371E1DB79AD49CB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00409060 Relevance: 54.7, APIs: 22, Strings: 9, Instructions: 435COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                            • Part of subcall function 00418B80: CreateSolidBrush.GDI32(F30A7BBC), ref: 00418B8B
                                                                                          • FillRect.USER32 ref: 0040910F
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00409152
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040917C
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409191
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091BC
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091DB
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409212
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409231
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040924D
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409269
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000), ref: 00409287
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000), ref: 004092A3
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006), ref: 004092C4
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,005952B0,00000000,00000000,00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8), ref: 004092E7
                                                                                          • memset.MSVCR80 ref: 00409647
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 00409676
                                                                                          • SetTextColor.GDI32(00000000,00945121), ref: 0040968D
                                                                                            • Part of subcall function 00415F90: CopyRect.USER32 ref: 00415F9F
                                                                                          • DrawTextW.USER32(00000000,00000000,00000000,00000018,00000020), ref: 004096E4
                                                                                          • SelectObject.GDI32(00000000,?), ref: 004096F9
                                                                                          • GetWindowRect.USER32 ref: 0040971D
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,000000FF,000000FF,00000000,00000000,?), ref: 0040974D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,000000FF,000000FF,00000000,00000000,?), ref: 00409770
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@Utag$T@@_$Width@$Rect$Height@$ObjectSelectText$BrushClientColorCopyCreateDrawFillSolidU3@_Windowmemset
                                                                                          • String ID: ,$Category:$Created by:$Name:$Select Resource File:$Tahoma$Type:$]$k
                                                                                          • API String ID: 333958392-4118964679
                                                                                          • Opcode ID: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                                          • Instruction ID: c7ad2873c58e454c86f9403bdf801017c004aeaca137986ed775093af6690a25
                                                                                          • Opcode Fuzzy Hash: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                                          • Instruction Fuzzy Hash: 1712F970900258DFEB24EB64CC59BEEBB74AF55308F1081E9E10A7B291DB746E88CF55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004F6BD0 Relevance: 38.7, APIs: 15, Strings: 7, Instructions: 165fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,Dynamic), ref: 004F6C39
                                                                                          • GetFileSize.KERNEL32(000000FF,00000000), ref: 004F6C72
                                                                                          • CloseHandle.KERNEL32(000000FF), ref: 004F6C83
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,?,Dynamic), ref: 004F6CD4
                                                                                          Strings
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 004F6CE3
                                                                                          • Dynamic, xrefs: 004F6C05
                                                                                          • You have selected an image with the dimension larger than 3000x2000., xrefs: 004F6DDB
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 004F6C48
                                                                                          • The file size is larger than the maximum allowed (10 Mb)., xrefs: 004F6C89
                                                                                          • You have selected a file with the size larger than 3Mb., xrefs: 004F6D24
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 004F6D81
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$Create$AllocatorCloseDebugHandleHeapSize
                                                                                          • String ID: Dynamic$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The file size is larger than the maximum allowed (10 Mb).$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                                          • API String ID: 1944681888-4013501048
                                                                                          • Opcode ID: db53ed9e86c52f9cf1fd276464b43294e0c4f6e7b9bf3ea5ce6500d8ea47b909
                                                                                          • Instruction ID: 602c555bb4c1e2a523d70d8c740280473e2c328c7d9138f782ffa9abfa287272
                                                                                          • Opcode Fuzzy Hash: db53ed9e86c52f9cf1fd276464b43294e0c4f6e7b9bf3ea5ce6500d8ea47b909
                                                                                          • Instruction Fuzzy Hash: 27613C70A00258ABDB14EF54DC96BEEBB75FB40314F50465AF91AAB2D0CB34AF81DB44
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00420D30 Relevance: 37.7, APIs: 25, Instructions: 218windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Color$Rect$BrushCreateDeleteObjectSolidText$Fill$DrawFocusFrameModewcslen
                                                                                          • String ID:
                                                                                          • API String ID: 2925841201-0
                                                                                          • Opcode ID: 26bd2938b346416d1ad719aebc76d141ac748537c15b6b170e29b0edcf1e6a47
                                                                                          • Instruction ID: 66e9c8a567400198a530f2ea5b8cee96818a293c6e558f9a1399f5342b62ddb8
                                                                                          • Opcode Fuzzy Hash: 26bd2938b346416d1ad719aebc76d141ac748537c15b6b170e29b0edcf1e6a47
                                                                                          • Instruction Fuzzy Hash: 36A1BAB5A00208DFDB08CFD8D9989AEBBB5FF9C310F108119EA19AB355D734A945DF90
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041EA80 Relevance: 35.3, APIs: 16, Strings: 4, Instructions: 259windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0041EAEF
                                                                                          • FillRect.USER32 ref: 0041EB03
                                                                                          • LoadIconW.USER32(00000000,00000087), ref: 0041EB51
                                                                                          • DrawIconEx.USER32(00000000,0000000A,0000000A,?,00000020,00000020,00000000,00000000,00000003), ref: 0041EB75
                                                                                          • DeleteObject.GDI32(?), ref: 0041EB7F
                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 0041EBB2
                                                                                          • GetTextColor.GDI32(00000000), ref: 0041EBC1
                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 0041EBD2
                                                                                          • memset.MSVCR80 ref: 0041EC7C
                                                                                            • Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0041ECBC
                                                                                          • memset.MSVCR80 ref: 0041ECE8
                                                                                          • memset.MSVCR80 ref: 0041ED12
                                                                                          • memset.MSVCR80 ref: 0041ED3C
                                                                                          • wcslen.MSVCR80 ref: 0041EDE0
                                                                                          • DrawTextW.USER32(00000000,?,00000000), ref: 0041EE04
                                                                                          • SelectObject.GDI32(00000000,?), ref: 0041EE1C
                                                                                          Strings
                                                                                          • Verdana, xrefs: 0041EC42
                                                                                          • For more information please visit , xrefs: 0041ED1F
                                                                                          • To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer., xrefs: 0041ECCD
                                                                                          • Please confirm that ManyCam has permission to add this codec to your computer., xrefs: 0041ECF5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: memset$ColorObjectText$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
                                                                                          • String ID: For more information please visit $Please confirm that ManyCam has permission to add this codec to your computer.$To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer.$Verdana
                                                                                          • API String ID: 744489110-1759026381
                                                                                          • Opcode ID: 58b7292fdbef0849fd6a32aea5d5f1962e852a66df7108f83bd5b60b6f2a3ebe
                                                                                          • Instruction ID: 8647ecc2d404d113b85be19741f6e1cb79f34e612718a269b33a6944d2f87c5b
                                                                                          • Opcode Fuzzy Hash: 58b7292fdbef0849fd6a32aea5d5f1962e852a66df7108f83bd5b60b6f2a3ebe
                                                                                          • Instruction Fuzzy Hash: 00C147B0D00219DBDB14CF94DC94BEEBBB9BF54304F1081AAE509AB381DB746A89CF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402130 Relevance: 33.7, APIs: 16, Strings: 3, Instructions: 433COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvError.CXCORE099(000000FB,cvCylDrawCylinder,Invalid parameter.,.\src\cylaux.cpp,0000009A), ref: 00402670
                                                                                            • Part of subcall function 00405340: cvSet.CXCORE099(?,?,?,?,00000000,0040217B), ref: 0040535D
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 004021A7
                                                                                          • _CIcos.MSVCR80 ref: 004021DD
                                                                                          • _CIsin.MSVCR80 ref: 004021EA
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 0040225F
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 004022C4
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402325
                                                                                          • _CIsqrt.MSVCR80 ref: 004023DC
                                                                                          • _CIsqrt.MSVCR80 ref: 004023F7
                                                                                          • _CIacos.MSVCR80 ref: 00402431
                                                                                          • cvSet2D.CXCORE099(?,?,?), ref: 00402488
                                                                                          • _CIcos.MSVCR80 ref: 004024E9
                                                                                          • _CIsin.MSVCR80 ref: 00402517
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402559
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 004025DA
                                                                                          • cvLine.CXCORE099(?,?,?,?,?), ref: 0040264C
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: IcosIsinIsqrt$ErrorIacosLineSet2
                                                                                          • String ID: .\src\cylaux.cpp$Invalid parameter.$cvCylDrawCylinder
                                                                                          • API String ID: 3689646513-1738803442
                                                                                          • Opcode ID: 8deb28bca9f0b0be666a0c88b69cf3ae356be30c15ac8f98f76c123cc54bb843
                                                                                          • Instruction ID: ee0604925432baceefbd38c3e5584ac40f80a2529fa49fd9d4d055b72c52293a
                                                                                          • Opcode Fuzzy Hash: 8deb28bca9f0b0be666a0c88b69cf3ae356be30c15ac8f98f76c123cc54bb843
                                                                                          • Instruction Fuzzy Hash: C8F1A171A05601DBD304AF60D989696BFF0FF84780F614D88E5D4672A9EB3198B4CFC6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041EFD0 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 268windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetSysColorBrush.USER32(0000000F), ref: 0041F03F
                                                                                          • FillRect.USER32 ref: 0041F053
                                                                                          • LoadIconW.USER32(00000000,00000087), ref: 0041F0A1
                                                                                          • DrawIconEx.USER32(00000000,0000000A,0000000A,00529873,0000000A,0000000A,00000000,00000000,00000003), ref: 0041F0D3
                                                                                          • DeleteObject.GDI32(00529873), ref: 0041F0DD
                                                                                          • SetBkMode.GDI32(00000000,00000001), ref: 0041F110
                                                                                          • GetTextColor.GDI32(00000000), ref: 0041F11F
                                                                                          • SetTextColor.GDI32(00000000,00000000), ref: 0041F130
                                                                                          • memset.MSVCR80 ref: 0041F1DA
                                                                                            • Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B
                                                                                          • SelectObject.GDI32(00000000,00000000), ref: 0041F21A
                                                                                          • memset.MSVCR80 ref: 0041F293
                                                                                          • memset.MSVCR80 ref: 0041F2BA
                                                                                          • wcslen.MSVCR80 ref: 0041F35E
                                                                                          • DrawTextW.USER32(00000000,?,00000000), ref: 0041F385
                                                                                          • SelectObject.GDI32(00000000,?), ref: 0041F39D
                                                                                          Strings
                                                                                          • Verdana, xrefs: 0041F1A0
                                                                                          • This feature requires a special video codec to function properly. Unfortunately, xrefs: 0041F22B
                                                                                          • visit the ManyCam website help page , xrefs: 0041F2A0
                                                                                          • this codec doesn, xrefs: 0041F27B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ColorObjectTextmemset$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
                                                                                          • String ID: This feature requires a special video codec to function properly. Unfortunately$Verdana$this codec doesn$visit the ManyCam website help page
                                                                                          • API String ID: 923866622-1098169901
                                                                                          • Opcode ID: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
                                                                                          • Instruction ID: 6f95be4a3cc1c25362b5af6b12462e5a34df96a0e09e544e1f1783aa57f49324
                                                                                          • Opcode Fuzzy Hash: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
                                                                                          • Instruction Fuzzy Hash: 83D1F7B0D002189FDB14DF99DC54BDEBBB8BF58304F1081AAE509AB391DB746A89CF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C8720 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 318COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C878C
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C879B
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87D2
                                                                                          • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87E1
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • CManyCamModel::UpdateGraphTopologyOnSourceChange, xrefs: 004C8755
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$clock$AllocatorDebugHeap
                                                                                          • String ID: CManyCamModel::UpdateGraphTopologyOnSourceChange
                                                                                          • API String ID: 952932671-1321120180
                                                                                          • Opcode ID: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                                          • Instruction ID: 10940e179f8bca40d99c735d3df1e6ff842ee16e2e5db1de052c77a05b9f2183
                                                                                          • Opcode Fuzzy Hash: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                                          • Instruction Fuzzy Hash: 5BE13E70D04248DECB04EFA5D961BEEBBB0AF15308F10815FF4166B282EF785A45DB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B2A80 Relevance: 31.7, APIs: 3, Strings: 15, Instructions: 169COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
                                                                                            • Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774
                                                                                          • StringFromGUID2.OLE32()K,?,00000040,)K,0056F910,)K,00574DDC), ref: 004B2C30
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: FromStringfflushfwprintf
                                                                                          • String ID: Bit count = %d$Format type = %s$Format type = FORMAT_VideoInfo$Format type = GUID_NULL$Frame size = %dx%d$Major type = %s$Major type = GUID_NULL$Major type = MEDIATYPE_Video$Mediatype info:$Subtype = %s$Subtype = GUID_NULL$Subtype = MEDIASUBTYPE_RGB24$Subtype = MEDIASUBTYPE_RGB32$vids$)K
                                                                                          • API String ID: 2684700382-3987823964
                                                                                          • Opcode ID: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                                          • Instruction ID: 0a30e523ff0296b33be7bff9fb0a9039800934aade4f4bd872009a2dad4e24fd
                                                                                          • Opcode Fuzzy Hash: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                                          • Instruction Fuzzy Hash: A951C870E5420867DB10AF19DC57EDE3B34BF44705F00841AB908A6283EFB4EA59D7BA
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402C80 Relevance: 30.2, APIs: 20, Instructions: 174COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
                                                                                            • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
                                                                                            • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,0040120F), ref: 00402C98
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,0040120F), ref: 00402CB4
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,0040120F), ref: 00402CD0
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402CEC
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402D08
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D24
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D40
                                                                                          • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D5C
                                                                                          • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D78
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402D94
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DB0
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DCC
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DE8
                                                                                          • cvCreateMat.CXCORE099(00000003,00000001,00000005), ref: 00402E04
                                                                                          • cvCreateMat.CXCORE099(00000006,00000006,00000005), ref: 00402E20
                                                                                          • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E38
                                                                                          • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E50
                                                                                          • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402E68
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E80
                                                                                          • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E98
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create$Image
                                                                                          • String ID:
                                                                                          • API String ID: 1237808576-0
                                                                                          • Opcode ID: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                                          • Instruction ID: 61334a59a6328505146fa154266dd27d5a2e39e93b606410563eabcbac9550f4
                                                                                          • Opcode Fuzzy Hash: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                                          • Instruction Fuzzy Hash: 225106B0A81B027AF67057719E0BB9326912B26B01F050539BB4DB83C6FBF59521CA99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B8960 Relevance: 30.1, APIs: 7, Strings: 10, Instructions: 397COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          • Error: camera name is empty., xrefs: 004B89BB
                                                                                          • Desired frame size is invalid., xrefs: 004B8A49
                                                                                          • Creating the graph for camera %s, xrefs: 004B8C3E
                                                                                          • Graph creation failed with hr=%X, xrefs: 004B8E3F
                                                                                          • CManyCamGraphMgr::AddCameraInput, xrefs: 004B8995
                                                                                          • Creating new entry for camera %s, xrefs: 004B8D86
                                                                                          • Destroy the graph for camera %s, xrefs: 004B8B94
                                                                                          • Moniker is NULL., xrefs: 004B89FF
                                                                                          • Failed to create the graph with hr=%X, xrefs: 004B8C85
                                                                                          • Such camera is already in the list: %s, xrefs: 004B8AC7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                                          • String ID: CManyCamGraphMgr::AddCameraInput$Creating new entry for camera %s$Creating the graph for camera %s$Desired frame size is invalid.$Destroy the graph for camera %s$Error: camera name is empty.$Failed to create the graph with hr=%X$Graph creation failed with hr=%X$Moniker is NULL.$Such camera is already in the list: %s
                                                                                          • API String ID: 2739697835-1067953073
                                                                                          • Opcode ID: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                                          • Instruction ID: 0c2db78db8441f90a5655b608386306daf3177cd87543fca05d57ae7838a8fe2
                                                                                          • Opcode Fuzzy Hash: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                                          • Instruction Fuzzy Hash: F5024C70900208EFDB14EF95CC92BEEBBB5BF54304F10415EE5066B2D2DB786A45CBA9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402EC0 Relevance: 30.1, APIs: 20, Instructions: 126COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
                                                                                            • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326
                                                                                          • cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
                                                                                          • cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
                                                                                          • cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
                                                                                          • cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
                                                                                          • cvReleaseMat.CXCORE099(00000124), ref: 00402F21
                                                                                          • cvReleaseMat.CXCORE099(00000128), ref: 00402F33
                                                                                          • cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
                                                                                          • cvReleaseMat.CXCORE099(00000130), ref: 00402F57
                                                                                          • cvReleaseMat.CXCORE099(00000134), ref: 00402F69
                                                                                          • cvReleaseMat.CXCORE099(00000100), ref: 00402F77
                                                                                          • cvReleaseMat.CXCORE099(00000104), ref: 00402F89
                                                                                          • cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
                                                                                          • cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
                                                                                          • cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
                                                                                          • cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
                                                                                          • cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
                                                                                          • cvReleaseMat.CXCORE099(00000140), ref: 00402FF5
                                                                                          • cvReleaseMat.CXCORE099(00000144), ref: 00403007
                                                                                          • cvReleaseMat.CXCORE099(00000148), ref: 00403019
                                                                                          • cvReleaseMat.CXCORE099(0000014C), ref: 0040302C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Release$Image
                                                                                          • String ID:
                                                                                          • API String ID: 1442443227-0
                                                                                          • Opcode ID: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
                                                                                          • Instruction ID: e9e9c9bdbcc23bd9ce4fc92c64f6ef92138ef717c9158f18fb2c09d524048864
                                                                                          • Opcode Fuzzy Hash: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
                                                                                          • Instruction Fuzzy Hash: 3A415AB1C01B11ABDA70DB60D94EB97B6EC7F01300F44493E914B929D0EB79F658CAA3
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004A8E90 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 328memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A8F0A
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                          • wcscmp.MSVCR80 ref: 004A8F3A
                                                                                          • wcscmp.MSVCR80 ref: 004A8F53
                                                                                          • wcscmp.MSVCR80 ref: 004A8F80
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A92EC
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A9304
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004A9324
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$wcscmp$FileFindFirst
                                                                                          • String ID: InternalProperties
                                                                                          • API String ID: 1222566788-1350816593
                                                                                          • Opcode ID: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
                                                                                          • Instruction ID: d461dac8b76a5e630202117bde1037354cd356562fc5738dbdf76f67a61ac83d
                                                                                          • Opcode Fuzzy Hash: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
                                                                                          • Instruction Fuzzy Hash: 30F13AB49001199FDB14DF54CC94BAEB7B5BF55304F1085DAEA0AA7381DB34AE88CF68
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042E4D0 Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 253memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0042F320: SendMessageW.USER32(F30A7BB8,0000101E,00000000,F30A7BB8), ref: 0042F342
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E628
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E637
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E647
                                                                                          • memset.MSVCR80 ref: 0042E75B
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E6A0
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,tyTdyT,00547960,?,data\images\,?,?,?,00000003,00000072,00000002,00000072), ref: 0042E6C9
                                                                                            • Part of subcall function 00407D70: SendMessageW.USER32(?,00000432,00000000,00000000), ref: 00407DAB
                                                                                            • Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$MessageSend$Image@@Load@memset
                                                                                          • String ID: .png$Col1$Col2$Col3$Col4$Tahoma$data\images\$dyT$tyTdyT
                                                                                          • API String ID: 1838653368-352732241
                                                                                          • Opcode ID: 5240a672e344888a9dcc8595a84e68314da153b494bcf22761846ef33874b4da
                                                                                          • Instruction ID: 63107b193e0704695c5efb6fe35d957d42c89c1ca5e4e6b9e88f197d9dfb2259
                                                                                          • Opcode Fuzzy Hash: 5240a672e344888a9dcc8595a84e68314da153b494bcf22761846ef33874b4da
                                                                                          • Instruction Fuzzy Hash: 4AB15CB0A443589BEB24DB65CC62FAEB771BF04718F00419DE1197B2C2CBB46A44CB5A
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00506610 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 118fileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0050665D
                                                                                          • GetFileSize.KERNEL32(000000FF,00000000), ref: 0050669D
                                                                                          • CloseHandle.KERNEL32(000000FF), ref: 005066AE
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          Strings
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 0050666C
                                                                                          • You have selected an image with the dimension larger than 3000x2000., xrefs: 0050676F
                                                                                          • The Resource File is corrupted. Please select another., xrefs: 00506718
                                                                                          • You have selected a file with the size larger than 3Mb., xrefs: 005066B4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: File$AllocatorCloseCreateDebugHandleHeapSize
                                                                                          • String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                                          • API String ID: 1278540365-1045440647
                                                                                          • Opcode ID: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                                          • Instruction ID: bf2e516d7632956263a6d0b7edc6ab055445a249ca0629827ad9313cad8a857e
                                                                                          • Opcode Fuzzy Hash: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                                          • Instruction Fuzzy Hash: 3D513C70900259ABDB25EF14DC55BEDBBB0FF45704F1085AAF819AB2D0CB75AE84CB80
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0040C220 Relevance: 24.8, APIs: 9, Strings: 5, Instructions: 308memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0040FA80: List.LIBCMTD ref: 0040FA8A
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0040C2DC
                                                                                            • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 0040C305
                                                                                            • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0040C35E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0040C371
                                                                                            • Part of subcall function 004DAFB0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004DB014
                                                                                          • _snwprintf.MSVCR80 ref: 0040C591
                                                                                          • wcslen.MSVCR80 ref: 0040C59E
                                                                                          • wcscpy.MSVCR80 ref: 0040C5CE
                                                                                          • wcslen.MSVCR80 ref: 0040C5DB
                                                                                            • Part of subcall function 0040F760: _invalid_parameter_noinfo.MSVCR80(00000000,?,00409D5D,?,?,00000000,?,?,?,mce,?,?,?,?,?,?), ref: 0040F774
                                                                                          • wcscat.MSVCR80 ref: 0040C633
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Base::Concurrency::details::$PolicySchedulerwcslen$ContextIdentityListQueueWork_invalid_parameter_noinfo_snwprintfwcscatwcscpy
                                                                                          • String ID: %s files (%s)$*.%s$*.%s$;*.%s$;*.%s
                                                                                          • API String ID: 3673500439-2222090975
                                                                                          • Opcode ID: 410b57a6a7f9a888242e909b12c55668fef034fc55ece74735e624549ad644eb
                                                                                          • Instruction ID: 0f1205feb10db953e557daecc0f66cfc6334ceda2ae244769a0a321528e6ad92
                                                                                          • Opcode Fuzzy Hash: 410b57a6a7f9a888242e909b12c55668fef034fc55ece74735e624549ad644eb
                                                                                          • Instruction Fuzzy Hash: 7BC12F71D00208DBDB14EBA5E892BEEB775AF54308F10417EF116B72D1DB385A48CB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041A3B0 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 308memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                                            • Part of subcall function 00472C60: _wfopen_s.MSVCR80 ref: 00472CBE
                                                                                            • Part of subcall function 00472C60: fclose.MSVCR80 ref: 00472CDF
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047314B
                                                                                            • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047316D
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@_wfopen_sfclose
                                                                                          • String ID: 8S$P$\class.xml$data\images\$icon$icon_and_text$style$S
                                                                                          • API String ID: 255584289-693003568
                                                                                          • Opcode ID: 603b225bfe0989b9d3390ef585aae42c8b49bc1da2bbc25a9b3d303a95ec7668
                                                                                          • Instruction ID: 810976337b1479ad00da3f975604671f65968c870661c51cbc195e462080606e
                                                                                          • Opcode Fuzzy Hash: 603b225bfe0989b9d3390ef585aae42c8b49bc1da2bbc25a9b3d303a95ec7668
                                                                                          • Instruction Fuzzy Hash: 4BD16EB0D012189BDB14DB95CD92BEDBBB4BF18304F10819EE14A77281DB746E85CF9A
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B8420 Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 284memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B84DB
                                                                                          • ??2@YAPAXI@Z.MSVCR80 ref: 004B84E2
                                                                                            • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                            • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • Destroying the graph., xrefs: 004B8725
                                                                                          • Creating frame grabbing graph for camera %s, xrefs: 004B84C0
                                                                                          • Setting graph state %d, xrefs: 004B8655
                                                                                          • CManyCamGraphMgr::CreateGraph, xrefs: 004B8448
                                                                                          • AppModel pointer is NULL! Returning E_FAIL., xrefs: 004B8472
                                                                                          • Creating frame grabbing graph for file %s, xrefs: 004B856B
                                                                                          • Failed creating graph with hr=%X; preparing to clean up., xrefs: 004B8697
                                                                                          • Couldn't find the graph %s!, xrefs: 004B86E7
                                                                                          • Setting current pos for the graph %s, xrefs: 004B8616
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapclock$??2@fflushfwprintf
                                                                                          • String ID: AppModel pointer is NULL! Returning E_FAIL.$CManyCamGraphMgr::CreateGraph$Couldn't find the graph %s!$Creating frame grabbing graph for camera %s$Creating frame grabbing graph for file %s$Destroying the graph.$Failed creating graph with hr=%X; preparing to clean up.$Setting current pos for the graph %s$Setting graph state %d
                                                                                          • API String ID: 1778695617-1153812090
                                                                                          • Opcode ID: f1e7f66eff02cda7a9ed3db3bcb49d45f39b49662cdf193da7ba6901c3f1654f
                                                                                          • Instruction ID: f3cb85e83180b36cfd0b303413b5ba2857901d6173e86f69feec068597868732
                                                                                          • Opcode Fuzzy Hash: f1e7f66eff02cda7a9ed3db3bcb49d45f39b49662cdf193da7ba6901c3f1654f
                                                                                          • Instruction Fuzzy Hash: FBC11B75D00209AFDB04DF99CC92BEEB7B4AF48308F14411EF5167B292DB786A05CB69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005062D0 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 206memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00506312
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00506336
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00506352
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050636E
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,F30A7BBC), ref: 005063A1
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,F30A7BBC), ref: 005063B5
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                                          • memcpy.MSVCR80(?,?,?,F30A7BBC), ref: 0050646C
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 0050652C
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 0050653E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$??3@Image@@$memcpy
                                                                                          • String ID: anonymous_type$mask_reader_ver$mask_type$properties
                                                                                          • API String ID: 3418783136-1683271502
                                                                                          • Opcode ID: ea6c7d0e71fb220edab34224d6aa0e07e57cb9ccd2759369dc2a5b15c5864e21
                                                                                          • Instruction ID: 830ff7d4bb77275050dcf287e18c53aa9cee5c96830a24d37f20f8f55580aab9
                                                                                          • Opcode Fuzzy Hash: ea6c7d0e71fb220edab34224d6aa0e07e57cb9ccd2759369dc2a5b15c5864e21
                                                                                          • Instruction Fuzzy Hash: 8891F7B1E002489FDB04DFA8D896BEEBBB5BF88304F10816DE419A7381DB345A45CF91
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00514480 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 157memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(F30A7BBC,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144AB
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(F30A7BBC,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144B6
                                                                                          • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,F30A7BBC,000000FF,?,005125AA,?,?), ref: 00514559
                                                                                          • ?IncreaseBpp@CxImage@@QAE_NK@Z.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,F30A7BBC,000000FF,?,005125AA,?), ref: 00514563
                                                                                          • ?AlphaCreate@CxImage@@QAE_NXZ.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,F30A7BBC,000000FF,?,005125AA,?), ref: 0051456B
                                                                                          • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,00000160,00000120,00000001,F30A7BBC,000000FF,?,005125AA,?,?,?,00000000,?,?,?), ref: 005145B1
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005145DC
                                                                                          • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,F30A7BBC,000000FF,?,005125AA,?), ref: 0051463E
                                                                                          • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,F30A7BBC,000000FF), ref: 00514651
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$Resample@Save@V1@@$AllocatorAlphaBpp@Create@DebugHeapHeight@IncreaseWidth@
                                                                                          • String ID: %s\%d.png$%s\%d.png$352x288$640x480
                                                                                          • API String ID: 2860891125-2440275166
                                                                                          • Opcode ID: a43d91bb6eb54d53ff6a1737a5b0fe56c092a8fccabc49aed94ca0378de78455
                                                                                          • Instruction ID: acc42daae56a842fc35e0990e2763de5810e809cf3d34599ed660b5ee8a323ea
                                                                                          • Opcode Fuzzy Hash: a43d91bb6eb54d53ff6a1737a5b0fe56c092a8fccabc49aed94ca0378de78455
                                                                                          • Instruction Fuzzy Hash: 5A6107B5E00209AFDB04EF99D892AEEBBB5FF88300F108529F515B7291DB746941CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00472C60 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 270memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$_wfopen_sfclose
                                                                                          • String ID: base_class$class$name$prop$val
                                                                                          • API String ID: 1905607448-2961531382
                                                                                          • Opcode ID: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
                                                                                          • Instruction ID: 751db2e67e60f486d96aaf90422ccf13f7de2e4e99e3856fc400571b524def08
                                                                                          • Opcode Fuzzy Hash: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
                                                                                          • Instruction Fuzzy Hash: 47C14C70901258DEDB14EBA4CD55BEEBBB4BF50308F10819EE14A67292DB781F88CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042E150 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 171memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                                            • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                                            • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$DateFormat
                                                                                          • String ID: Created by: $Creation date: $Name: $www.manycam.com$www.manycam.com
                                                                                          • API String ID: 393568584-1701023392
                                                                                          • Opcode ID: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
                                                                                          • Instruction ID: cbadc1f5ef3ad51f7f35ce95d366eb704496e5c2bb1529dbc726db86d70e8f02
                                                                                          • Opcode Fuzzy Hash: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
                                                                                          • Instruction Fuzzy Hash: 65711771A001199FCB14EB64CD91BEEB7B4BF48304F10869DE55AA7291DF34AE88CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00406670 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 164COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                                          • GetParent.USER32 ref: 0040669A
                                                                                          • GetWindow.USER32(?,00000004), ref: 004066AD
                                                                                          • GetWindowRect.USER32 ref: 004066C0
                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                          • GetWindowRect.USER32 ref: 0040673B
                                                                                          • GetParent.USER32(?), ref: 00406749
                                                                                          • GetClientRect.USER32 ref: 0040675A
                                                                                          • GetClientRect.USER32 ref: 00406768
                                                                                          • MapWindowPoints.USER32 ref: 0040677C
                                                                                          • SetWindowPos.USER32(F30A7BBC,00000000,00000000,F30A7BBC,000000FF,000000FF,00000015,?,?), ref: 00406826
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$Rect$ClientLongParent$InfoParametersPointsSystem
                                                                                          • String ID: *b@
                                                                                          • API String ID: 2289592163-3951841937
                                                                                          • Opcode ID: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
                                                                                          • Instruction ID: 1e1c0fd00856f1237eb481f10da8126670bc63b2ce16d521bf68457a350c038b
                                                                                          • Opcode Fuzzy Hash: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
                                                                                          • Instruction Fuzzy Hash: BA611975E00209EFDB04CFE8C984AEEBBB5BF88304F148629E516BB394D734A945CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041C950 Relevance: 19.7, APIs: 13, Instructions: 185COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetStockObject.GDI32(00000000), ref: 0041C9C4
                                                                                          • FillRect.USER32 ref: 0041C9D3
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041C9FF
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041CA2E
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA56
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA6D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CA97
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CAC5
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB0E
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB36
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB4D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB77
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CBA5
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Rect$ClientFillHeight@ObjectStock
                                                                                          • String ID:
                                                                                          • API String ID: 1214153398-0
                                                                                          • Opcode ID: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
                                                                                          • Instruction ID: 64adb8edbe6d6a745132db4a95317a47dd4f78eb1bf019a77eab89ed2a27929a
                                                                                          • Opcode Fuzzy Hash: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
                                                                                          • Instruction Fuzzy Hash: 8A81C3B4D002099FDB58EF98D991BEEB7B5BF48304F20816AE519B7381DB342A45CF64
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00502A40 Relevance: 19.7, APIs: 13, Instructions: 160COMMON
                                                                                          Download Yara Rule
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
                                                                                          • Instruction ID: 12e37dd4abdcf4f70f14d239c3f2fb0002299592faa212dd5bf358f334e534ec
                                                                                          • Opcode Fuzzy Hash: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
                                                                                          • Instruction Fuzzy Hash: 20615470904308EFDB14DFA4D85AAEEBFB6BF55310F204A19E516AB2D1EB305A48DB50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00434E60 Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 254COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: #NC$Backgrounds$Date & Time$Drawing over video$Text over video
                                                                                          • API String ID: 0-745308588
                                                                                          • Opcode ID: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
                                                                                          • Instruction ID: 61b0055fb2e5cbe1d4e4773f87cdc9b928e12edc189f893c90bd2281fadebac5
                                                                                          • Opcode Fuzzy Hash: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
                                                                                          • Instruction Fuzzy Hash: D4B14271D052189FCF08EFE5D851BEEBBB5BF48308F14452EE10A6B282DB385945CB99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00406B70 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 325stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetClassNameW.USER32 ref: 00406BCD
                                                                                          • lstrcmpiW.KERNEL32(00000000,static), ref: 00406BE4
                                                                                            • Part of subcall function 00407320: GetWindowLongW.USER32(-00000004,000000F0), ref: 00407331
                                                                                            • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 00406C72
                                                                                          • GetStockObject.GDI32(0000000D), ref: 00406CC9
                                                                                          • memset.MSVCR80 ref: 00406D0D
                                                                                          • CreateFontIndirectW.GDI32(00000000), ref: 00406D7E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: LongWindow$ClassCreateCursorFontIndirectLoadNameObjectStocklstrcmpimemset
                                                                                          • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static
                                                                                          • API String ID: 537339791-2739629574
                                                                                          • Opcode ID: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
                                                                                          • Instruction ID: 199e44e7be4628ee2e688c610ba56af09b0a08d7a3a9a70c30624c5daa12086b
                                                                                          • Opcode Fuzzy Hash: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
                                                                                          • Instruction Fuzzy Hash: 45E14970A042689FDB64DB65CC49BAEB7B1AF04304F1042EAE54A772D2DB346EC4CF59
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AAFD0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 254COMMON
                                                                                          Download Yara Rule
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                                          • String ID: CEffectStack::SelectEffect$Effect pointer is NULL.$No such effect found in stack$AN
                                                                                          • API String ID: 2739697835-3664681806
                                                                                          • Opcode ID: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
                                                                                          • Instruction ID: 60628f8e65fa033cdeac9a30f19292ee3b75e2ecbf0df95034a13fcf3e9652a5
                                                                                          • Opcode Fuzzy Hash: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
                                                                                          • Instruction Fuzzy Hash: FEB13A70E00208DFDB14DFA9C895BEEBBB5FF59314F10811EE415AB292DB786905CB98
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005047C0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,F30A7BBC,?,?,?,00000000,00538D49,000000FF,?,0050405E,?), ref: 005047EA
                                                                                          • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504804
                                                                                          • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(00538D49,?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504814
                                                                                          • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504898
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                                          • String ID: ^@P$bad cast
                                                                                          • API String ID: 2261832285-3230263104
                                                                                          • Opcode ID: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
                                                                                          • Instruction ID: 824bbbae0ea1dedba38b35fd60e665a14d2ea96d15b6e9388a122e9d75c37290
                                                                                          • Opcode Fuzzy Hash: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
                                                                                          • Instruction Fuzzy Hash: 4631F9B4D04209DFDB08DFA5E845AAEBBB5FF58310F108A2AE922A33D0DB745905DF50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004087B0 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 464memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetSystemMetrics.USER32 ref: 004087E6
                                                                                            • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                                            • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                            • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                                            • Part of subcall function 00406670: GetWindowRect.USER32 ref: 004066C0
                                                                                            • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                            • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                            • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                                            • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                            • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                          • MoveWindow.USER32(00000000,?,00000485,00000015,0000002D,00000052,00000017,00000000,00000117,000000C6,000000AF,00000017,00000001,00000000,?,0000048A), ref: 00408C6C
                                                                                          • MoveWindow.USER32(00000000,?,0000048B,0000011C,00000104,00000058,00000017,00000000), ref: 00408CA4
                                                                                          • MoveWindow.USER32(00000000,?,0000048C,0000017A,00000104,00000058,00000017,00000000), ref: 00408CDC
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00408D50
                                                                                          • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00408DF3
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00408E57
                                                                                          Strings
                                                                                          • \ManyCam\TempBackgroundPreview, xrefs: 00408853
                                                                                          • http://manycam.com/help/effects, xrefs: 00408A61
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$AllocatorDebugHeapMove$ParentSystem$Base::Concurrency::details::Concurrency::task_options::get_schedulerFileFindFirstFolderInfoLongMetricsParametersPathPolicyRectSchedulerSpecial_wmkdir
                                                                                          • String ID: \ManyCam\TempBackgroundPreview$http://manycam.com/help/effects
                                                                                          • API String ID: 802195438-2992585156
                                                                                          • Opcode ID: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
                                                                                          • Instruction ID: 373e2faf4f294b9354e902988eb878b0a96774ffebd8d1961b2fcec7c08dd6c9
                                                                                          • Opcode Fuzzy Hash: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
                                                                                          • Instruction Fuzzy Hash: 11121F70A041189BEB24EB55CD91BED7775AF44308F0044EEA20E7B2C2DE796E94CF69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C210 Relevance: 15.9, APIs: 4, Strings: 5, Instructions: 156memoryfileCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,F30A7BBC,000000FF,?,004AB79D), ref: 0042F974
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • GetActiveWindow.USER32 ref: 0042C327
                                                                                            • Part of subcall function 00413FB0: ??2@YAPAXI@Z.MSVCR80 ref: 00413FD7
                                                                                            • Part of subcall function 00413FB0: Concurrency::details::GlobalCore::TopologyObject::TopologyObject.LIBCMTD ref: 00413FF6
                                                                                            • Part of subcall function 004CB2C0: _DebugHeapAllocator.LIBCPMTD ref: 004CB2DC
                                                                                          • CopyFileW.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 0042C370
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • wcslen.MSVCR80 ref: 0042C413
                                                                                            • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C457
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0AE
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0CB
                                                                                            • Part of subcall function 004CC090: wcscpy.MSVCR80 ref: 004CC0DF
                                                                                            • Part of subcall function 004CC090: wcscat.MSVCR80 ref: 004CC0F8
                                                                                            • Part of subcall function 004CC090: CreateProcessW.KERNEL32 ref: 004CC124
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Topologymemset$??2@ActiveConcurrency::details::CopyCore::CreateFileGlobalObjectObject::ProcessWindow_invalid_parameter_noinfowcscatwcscpywcslen
                                                                                          • String ID: .mce$Do you want to open the folder where you saved the effect?$Effect file (*.mce)$ManyCam Virtual Webcam$mce
                                                                                          • API String ID: 4229144189-31463061
                                                                                          • Opcode ID: c8ce9ba4c6ac3e6fa5cccc0376bda836f198ede4cd0e84537055311324007d24
                                                                                          • Instruction ID: 755dc5116854decbce9ee1598fe2735ff65fd65bd7c172bae2ad841472dafe18
                                                                                          • Opcode Fuzzy Hash: c8ce9ba4c6ac3e6fa5cccc0376bda836f198ede4cd0e84537055311324007d24
                                                                                          • Instruction Fuzzy Hash: 387158B1D005289EDB24EB64DC95BEFBBB4AF49309F0041EEE509A7281DB345E88CF55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050E050 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 116memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050E09D
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050E0C5
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                                            • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                                          • ??0CxImage@@QAE@PAEKK@Z.CXIMAGECRT(&<Q,?,00000000,?,?,?,&<Q), ref: 0050E12E
                                                                                          • ?Encode2RGBA@CxImage@@QAE_NAAPAEAAJ_N@Z.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E155
                                                                                          • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E160
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E16C
                                                                                          • ??3@YAXPAX@Z.MSVCR80 ref: 0050E1B7
                                                                                          • ~_Mpunct.LIBCPMTD ref: 0050E1D3
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapImage@@$??3@Encode2Height@MpunctWidth@
                                                                                          • String ID: &<Q
                                                                                          • API String ID: 2867035028-2887711709
                                                                                          • Opcode ID: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
                                                                                          • Instruction ID: 4fa1d1e2ea6a526748637154a1db03ed3227427cf2602f353b57d12039db24cc
                                                                                          • Opcode Fuzzy Hash: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
                                                                                          • Instruction Fuzzy Hash: 175137B1D00259AFDB14EF54CC46BEEBBB8AF54304F1082ADE519A7281DB746B84CF90
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00504470 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,F30A7BBC,?,00538D19,000000FF,?,005028F6,?,?,00000000,00000001), ref: 0050449A
                                                                                          • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,005028F6,?,?,00000000), ref: 005044B4
                                                                                          • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(005028F6,?,005028F6,?,?,00000000), ref: 005044C4
                                                                                          • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504548
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                                          • String ID: bad cast
                                                                                          • API String ID: 2261832285-3145022300
                                                                                          • Opcode ID: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                                          • Instruction ID: daf008f5657916d2d0eedf94b6e793cb89aacae9b3ddac5973414a6306a2ac1a
                                                                                          • Opcode Fuzzy Hash: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                                          • Instruction Fuzzy Hash: CE31F7B5D04209DFDB18DFA4EC45AAEBBB4FB58310F10862AE922A33D0DB745945DF50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005005B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 64COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCR80 ref: 005005BE
                                                                                          • GetDC.USER32(00000000), ref: 005005E7
                                                                                          • CreateCompatibleDC.GDI32(?), ref: 005005F4
                                                                                          • CreateDIBSection.GDI32(?,00000028,00000000,004FFD12,00000000,00000000), ref: 00500611
                                                                                          • SelectObject.GDI32(?,?), ref: 00500624
                                                                                          • CreateSolidBrush.GDI32(00646464), ref: 0050062F
                                                                                          • FillRect.USER32 ref: 00500660
                                                                                          • DeleteObject.GDI32(?), ref: 0050066A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Create$Object$BrushCompatibleDeleteFillRectSectionSelectSolidmemset
                                                                                          • String ID: (
                                                                                          • API String ID: 350534114-3887548279
                                                                                          • Opcode ID: 3e1382d06632c1444c66c9e23b0b1d57039686e8e7ec12f8ecdf2cdf2c9d43f5
                                                                                          • Instruction ID: 6b77fbc94f0777f5953b629b7868787099419c0b5001c060241ffebfa8b2f360
                                                                                          • Opcode Fuzzy Hash: 3e1382d06632c1444c66c9e23b0b1d57039686e8e7ec12f8ecdf2cdf2c9d43f5
                                                                                          • Instruction Fuzzy Hash: FE21E9B5900308EFDB04DF94D888B9EBBB5FF88301F108119FA05A7390D7759A09DB61
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402680 Relevance: 15.4, APIs: 10, Instructions: 409COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvSet.CXCORE099(?,?,?,?,?,?,00000000), ref: 004026F7
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402755
                                                                                          • _CIsqrt.MSVCR80 ref: 004027F6
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402852
                                                                                          • cvSet2D.CXCORE099(?,?,?), ref: 004028DB
                                                                                          • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402925
                                                                                          • cvSet2D.CXCORE099(?,?,?), ref: 0040299E
                                                                                          • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402A4D
                                                                                          • cvGEMM.CXCORE099(?,?), ref: 00402ADA
                                                                                          • cvLine.CXCORE099(?,?,?,?,?), ref: 00402B4D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Set2$IsqrtLine
                                                                                          • String ID:
                                                                                          • API String ID: 2296038289-0
                                                                                          • Opcode ID: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                                          • Instruction ID: 98af563dca7e08dae4733c818569099b16958337ef14baff457f1a71e3476642
                                                                                          • Opcode Fuzzy Hash: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                                          • Instruction Fuzzy Hash: C8F16CB1A05601DFC305AF60D589A6ABFF0FF84740F614D88E4D5262A9E731D8B5CF86
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004888F0 Relevance: 15.1, APIs: 10, Instructions: 73COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(F30A7BBC,?,?,?,?,?,?,00530C89,000000FF), ref: 00488924
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488936
                                                                                          • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488941
                                                                                          • ?capacity@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488952
                                                                                          • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 0048895D
                                                                                          • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 0048897B
                                                                                          • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z.MSVCP80(?,?,?,?,?,00530C89,000000FF), ref: 00488998
                                                                                          • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 004889A8
                                                                                          • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 004889B7
                                                                                          • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,?,?,?,?,00530C89,000000FF), ref: 004889C6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?append@?$basic_string@_V12@$?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@$??0?$basic_string@_??1?$basic_string@_?capacity@?$basic_string@_V12@@
                                                                                          • String ID:
                                                                                          • API String ID: 2582929383-0
                                                                                          • Opcode ID: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                                          • Instruction ID: cf8cf326054b3b9829f24e0287d30cae8bbcd3a7b8d77b238681494193127ac1
                                                                                          • Opcode Fuzzy Hash: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                                          • Instruction Fuzzy Hash: 62316F75900118EFDB04EF64D844AADBBB6FF98350F00852AF91697390DB349D45CF84
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00426830 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 282COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                                            • Part of subcall function 0041AA10: SendMessageW.USER32(?,000000F1,?,00000000), ref: 0041AA28
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426AE5
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426B0B
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426B31
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426BA2
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426BC8
                                                                                          • EnableWindow.USER32(00000000,?), ref: 00426BEE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: EnableWindow$AllocatorBase::Concurrency::details::DebugHeapItemMessagePolicySchedulerSend
                                                                                          • String ID: Date & Time$Date & Time
                                                                                          • API String ID: 619755922-1824290
                                                                                          • Opcode ID: a5128ecf2bfc12e82fa0dba930c93669bde01c1fa38846d0eea276c6fef756bf
                                                                                          • Instruction ID: 7e53ba8ca3602d55db941a0292c8f540ac9753e8b76add4a113b5e3c50ff2c41
                                                                                          • Opcode Fuzzy Hash: a5128ecf2bfc12e82fa0dba930c93669bde01c1fa38846d0eea276c6fef756bf
                                                                                          • Instruction Fuzzy Hash: 78B12CB0E002199FDF08EFE5DD56AAEB7B5EF44308F40452EE202B7281DB785A54CB59
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004B2740 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 210memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CoTaskMemFree.OLE32(00000000,00000000), ref: 004B2816
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B280A
                                                                                            • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B284D
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B287B
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B2926
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004B2938
                                                                                          Strings
                                                                                          • - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s), xrefs: 004B29AF
                                                                                          • ConnectionMediaType:, xrefs: 004B29CD
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$FreeTask
                                                                                          • String ID: - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s)$ConnectionMediaType:
                                                                                          • API String ID: 2977454536-3767152877
                                                                                          • Opcode ID: 7365bd653b06ff7014c07b105e705209bc8ea7cbefe77dba3365ebff6c9963ec
                                                                                          • Instruction ID: 9de56078743278097fdae2ef512013b449c6826a7b1472736913757348bad0bc
                                                                                          • Opcode Fuzzy Hash: 7365bd653b06ff7014c07b105e705209bc8ea7cbefe77dba3365ebff6c9963ec
                                                                                          • Instruction Fuzzy Hash: 77A114719041189FCB29EB65CD84BDEB7B4AF49304F5081DAE00AA7291DB746F88CFA4
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0043CEA0 Relevance: 13.6, APIs: 9, Instructions: 97memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043CEFB
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043CF08
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043CF15
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043CF22
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043CF2F
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043CF4B
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043CF58
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043CF65
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043CF72
                                                                                            • Part of subcall function 004285A0: _DebugHeapAllocator.LIBCPMTD ref: 004285E6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap
                                                                                          • String ID:
                                                                                          • API String ID: 571936431-0
                                                                                          • Opcode ID: 7dde6df72e2f30a2c9bd449785fc4617a8159b5b431111dab642cfc3852a33a4
                                                                                          • Instruction ID: e3528f18f7450318784779ed7222ae790fc56f1f68400182586ad65bdeffc5e4
                                                                                          • Opcode Fuzzy Hash: 7dde6df72e2f30a2c9bd449785fc4617a8159b5b431111dab642cfc3852a33a4
                                                                                          • Instruction Fuzzy Hash: C44170B0A441699BDB08EB99DCA2BBFB771BF44308F14054DE5222B3C2CB796910CB59
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004887A0 Relevance: 13.6, APIs: 9, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,F30A7BBC,F30A7BBC,?,?,00488794,F30A7BBC,0049A100,0049A100), ref: 004887D9
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(F30A7BBC,?,?,00488794,F30A7BBC,0049A100,0049A100), ref: 004887E7
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488794,F30A7BBC,0049A100,0049A100), ref: 004887F5
                                                                                          • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,00488794,F30A7BBC,0049A100,0049A100), ref: 00488800
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488794,F30A7BBC,0049A100,0049A100), ref: 00488819
                                                                                          • ?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z.MSVCP80(?,00000000,?,?,00488794,F30A7BBC,0049A100,0049A100), ref: 0048882E
                                                                                          • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488794,F30A7BBC,0049A100,0049A100), ref: 0048884B
                                                                                          • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,00488794,F30A7BBC,0049A100,0049A100), ref: 0048885B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$V12@$??1?$basic_string@_??4?$basic_string@_?erase@?$basic_string@_?size@?$basic_string@?substr@?$basic_string@_D@2@@std@@D@std@@U?$char_traits@V01@V01@@V?$allocator@
                                                                                          • String ID:
                                                                                          • API String ID: 731949045-0
                                                                                          • Opcode ID: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
                                                                                          • Instruction ID: 4406f9edcf3e418624fedf0353d0674b6ffa21746b1b988d8d39eeb2d4d24482
                                                                                          • Opcode Fuzzy Hash: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
                                                                                          • Instruction Fuzzy Hash: 5C314D31900108EFDB04EF59E898A9DBBB6FB98350F40C52AF91A973A0DB30A944DF54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042A5B0 Relevance: 12.4, APIs: 1, Strings: 7, Instructions: 420COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                                            • Part of subcall function 0041A3B0: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                                            • Part of subcall function 0041DE10: ??_V@YAXPAX@Z.MSVCR80 ref: 0041DE55
                                                                                            • Part of subcall function 004065B0: SetWindowTextW.USER32(?,004062B3), ref: 004065C1
                                                                                            • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                                            • Part of subcall function 0041DE10: lstrlenW.KERNEL32(00000000,F30A7BBC,?,?,?,0000001F,00000001,CameraDlg\btn_properties,00000000), ref: 0041DE94
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A79D
                                                                                          • memset.MSVCR80 ref: 0042AAEE
                                                                                            • Part of subcall function 0042AC80: _DebugHeapAllocator.LIBCPMTD ref: 0042ACE7
                                                                                            • Part of subcall function 0042AC80: _DebugHeapAllocator.LIBCPMTD ref: 0042AD25
                                                                                            • Part of subcall function 0042AC80: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,000000CC,00000001,00545BC0,data\images\maindlg\,00000001,?,00000000,F30A7BBC,00000008,000000CC,0000003E,00000001), ref: 0042AD48
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@Window$ItemMoveTextlstrlenmemset
                                                                                          • String ID: Tahoma$drawEffectDlg\btn_clear$drawEffectDlg\btn_large$drawEffectDlg\btn_middle$drawEffectDlg\btn_save$drawEffectDlg\btn_save$drawEffectDlg\btn_small
                                                                                          • API String ID: 917308447-3436469711
                                                                                          • Opcode ID: 270378d4c1d5f14f44e424ebb91537222281f9fe44b533ecab9fbbdcf32d1889
                                                                                          • Instruction ID: 3e0206703fa91518360c9a9f613824172eee4b2edee5d94e2292119dbd36ceb1
                                                                                          • Opcode Fuzzy Hash: 270378d4c1d5f14f44e424ebb91537222281f9fe44b533ecab9fbbdcf32d1889
                                                                                          • Instruction Fuzzy Hash: 7CF12474B407146FEB28E795CD62FAD72659F85708F0400ADB3477E2C2DAF829948B1E
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050E6A0 Relevance: 12.4, APIs: 8, Instructions: 361memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapmemset
                                                                                          • String ID:
                                                                                          • API String ID: 622753528-0
                                                                                          • Opcode ID: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
                                                                                          • Instruction ID: 15c03739bf2cff661cf5d104c6130bcee5a7d3e6e4c58e74d1621743953f5b5e
                                                                                          • Opcode Fuzzy Hash: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
                                                                                          • Instruction Fuzzy Hash: 81F17A719022199BDB28EB10CD9ABEEBBB4BF54304F1085E9E40A671D1DB745F88CF91
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0051C700 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 106memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051C747
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051C763
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051C77F
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000002,F30A7BBC,00000000,0053A3B3), ref: 0051C7AF
                                                                                            • Part of subcall function 004CB7D0: _DebugHeapAllocator.LIBCPMTD ref: 004CB82F
                                                                                            • Part of subcall function 004CB7D0: _DebugHeapAllocator.LIBCPMTD ref: 004CB866
                                                                                            • Part of subcall function 004CB7D0: _DebugHeapAllocator.LIBCPMTD ref: 004CB87E
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051C7F9
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,data\effect_data\dynamic\thumb_flame.png,?,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0051C80F
                                                                                          Strings
                                                                                          • data\effect_data\dynamic\thumb_flame.png, xrefs: 0051C7F1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@$Load@
                                                                                          • String ID: data\effect_data\dynamic\thumb_flame.png
                                                                                          • API String ID: 1218648879-4109514639
                                                                                          • Opcode ID: dc45232efdd33dc5f7feb1d58bc7c2ec79794393a0ee461e2444023c402d1e55
                                                                                          • Instruction ID: f69a70a34f42c5d00329ef408a04b5ff72207269e3b6c083d69e23a25c086416
                                                                                          • Opcode Fuzzy Hash: dc45232efdd33dc5f7feb1d58bc7c2ec79794393a0ee461e2444023c402d1e55
                                                                                          • Instruction Fuzzy Hash: 71414A70901248EFCB04EFA8D952BDEBBF5AF48304F10855EF405BB281DB796A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0051EAD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 102memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051EB17
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051EB33
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051EB4F
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000002,F30A7BBC,00000000,0053A4D3), ref: 0051EB7F
                                                                                            • Part of subcall function 004CB7D0: _DebugHeapAllocator.LIBCPMTD ref: 004CB82F
                                                                                            • Part of subcall function 004CB7D0: _DebugHeapAllocator.LIBCPMTD ref: 004CB866
                                                                                            • Part of subcall function 004CB7D0: _DebugHeapAllocator.LIBCPMTD ref: 004CB87E
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051EBAF
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,data\effect_data\dynamic\thumb_water.png,?,?,?,00000000,?,?,?,?,?,?,?,?,?), ref: 0051EBC5
                                                                                          Strings
                                                                                          • data\effect_data\dynamic\thumb_water.png, xrefs: 0051EBA7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@$Load@
                                                                                          • String ID: data\effect_data\dynamic\thumb_water.png
                                                                                          • API String ID: 1218648879-3745058554
                                                                                          • Opcode ID: 47e3509cb4362d43f02672c40ae8f9df2603fe35c27b78ac875add5098c6c237
                                                                                          • Instruction ID: cda05a8648964da65df8300b1a1ac8ff815ce23c1016a18e823aa2bd9e5ef196
                                                                                          • Opcode Fuzzy Hash: 47e3509cb4362d43f02672c40ae8f9df2603fe35c27b78ac875add5098c6c237
                                                                                          • Instruction Fuzzy Hash: DB413A71D05248EFCB04EFA8D952BDEBBF5AB48304F10815EF415B7281DB786A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004EE480 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 96COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ??2@_wfopen_sfclosesprintf
                                                                                          • String ID: Profile$Profile$version
                                                                                          • API String ID: 1390787408-4282614801
                                                                                          • Opcode ID: 51e016afbcfdb453cc329060a2081c16185e670bcf6b789de32307e65e810d69
                                                                                          • Instruction ID: 7dcd1aafccb1634e75f57b13e5294bdba7da441c125a8e789c6d80d11b892b87
                                                                                          • Opcode Fuzzy Hash: 51e016afbcfdb453cc329060a2081c16185e670bcf6b789de32307e65e810d69
                                                                                          • Instruction Fuzzy Hash: D0314AB0D003499BDB04DF99DC56BAEBBB4FF84709F00412EE51AAB381DB786904CB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00428400 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 75memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042847C
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004284BA
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,000003EB,00000014,00544C8C,data\images\maindlg\,00000014,?,?,F30A7BBC,?,000003EB,000001B0,00000014), ref: 004284DD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: (MT$.png$TMT$data\images\maindlg\
                                                                                          • API String ID: 1315443971-3643503733
                                                                                          • Opcode ID: cbffbf393df03336253548ef9ff51fddc2804daf7bf0528a20e93201e72a3de5
                                                                                          • Instruction ID: f06250170feff65d0159650778f77ddb5d8cb4d0749f77b4883fa895b7a58ebd
                                                                                          • Opcode Fuzzy Hash: cbffbf393df03336253548ef9ff51fddc2804daf7bf0528a20e93201e72a3de5
                                                                                          • Instruction Fuzzy Hash: 98313AB1D05248EBCB04DF95E985BDDBBB4FF09318F14452EE01177281DB785A08CBA9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004825C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75librarywindowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • LoadCursorW.USER32(00000000,00007F89), ref: 00482602
                                                                                          • GetWindowsDirectoryW.KERNEL32(00000000,00000104,00000104,?,0049A100,F30A7BBC,?), ref: 00482644
                                                                                          • LoadLibraryW.KERNEL32(00000000,\winhlp32.exe,000000FF,?,0049A100,F30A7BBC,?), ref: 0048266A
                                                                                          • LoadCursorW.USER32(00000000,0000006A), ref: 0048267F
                                                                                          • CopyIcon.USER32 ref: 00482692
                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 004826A5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Load$CursorLibrary$CopyDirectoryFreeIconWindows
                                                                                          • String ID: \winhlp32.exe
                                                                                          • API String ID: 501009500-695620452
                                                                                          • Opcode ID: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                                          • Instruction ID: ec6d5bdbcb5f979a409084d156352cb5eef125df936233655878cf5ad0338882
                                                                                          • Opcode Fuzzy Hash: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                                          • Instruction Fuzzy Hash: 0D313A71D00208AFDB04EFA4E959BEDBBB5FB18314F50462AF916A72D0DB786948CB14
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004CC090 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 51processCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: memset$CreateProcesswcscatwcscpy
                                                                                          • String ID: D$explorer
                                                                                          • API String ID: 2548451390-59806483
                                                                                          • Opcode ID: 87fd29d6fdca06f79b8b93392fe1b8594b1ff79018bf0756e576e94cb8c1d6ac
                                                                                          • Instruction ID: 906bf29f722530e8e831fd4767c9bb697a1163fcdc31cec5d0d8c6568ad6c1cf
                                                                                          • Opcode Fuzzy Hash: 87fd29d6fdca06f79b8b93392fe1b8594b1ff79018bf0756e576e94cb8c1d6ac
                                                                                          • Instruction Fuzzy Hash: 0E019BB194021CABDB10DB60EC8AFED7738BF54700F440699F609961C1EB755B58CF55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004042F0 Relevance: 12.1, APIs: 8, Instructions: 101COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCopy.CXCORE099(?,?,00000000,?,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404309
                                                                                          • cvInvert.CXCORE099(?,?,00000000,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404321
                                                                                          • cvGEMM.CXCORE099(?,?,?,?,?,00000000,?,?,?,?,?,FFFFFFFE), ref: 0040436B
                                                                                            • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 004035F7
                                                                                            • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,FFFFFFFE), ref: 00403603
                                                                                            • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 0040360F
                                                                                            • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 00403636
                                                                                            • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 0040365D
                                                                                          • cvSetImageROI.CXCORE099(?), ref: 004043B7
                                                                                          • cvSetImageROI.CXCORE099(?), ref: 004043D9
                                                                                          • cvCopy.CXCORE099(?,?,00000000), ref: 004043E5
                                                                                          • cvResetImageROI.CXCORE099(?), ref: 004043EE
                                                                                          • cvResetImageROI.CXCORE099(?), ref: 004043F7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image$Reset$Copy$Invert
                                                                                          • String ID:
                                                                                          • API String ID: 2642547888-0
                                                                                          • Opcode ID: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                                          • Instruction ID: 4832167a604e7eee410914a1b349f3b52c2c1ab0660e6587da0ebae9eec7833f
                                                                                          • Opcode Fuzzy Hash: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                                          • Instruction Fuzzy Hash: 5B3153F4A007009FC314EF14D886F57BBE4AF89710F04896DE98A57381D635E9158BA6
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C27C0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,F30A7BBC,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000,00000000), ref: 004C2804
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004C2818
                                                                                          • _CxxThrowException.MSVCR80(d&L,0057CBF8), ref: 004C2826
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(d&L,0057CBF8,?,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000), ref: 004C2835
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: d&L$map/set<T> too long
                                                                                          • API String ID: 3248949544-2396053701
                                                                                          • Opcode ID: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                                          • Instruction ID: 0421590c6fc88a653ea049570befb3043dc480636a3316981a528d684021d55e
                                                                                          • Opcode Fuzzy Hash: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                                          • Instruction Fuzzy Hash: 8DD11B74A002459FCB04FFA9C991EAF7776AF89304B20456EF4159B356CB78AC05CBB8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004D4D80 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,F30A7BBC,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000,00000000), ref: 004D4DC4
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004D4DD8
                                                                                          • _CxxThrowException.MSVCR80($LM,0057CBF8), ref: 004D4DE6
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80($LM,0057CBF8,?,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000), ref: 004D4DF5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: $LM$map/set<T> too long
                                                                                          • API String ID: 3248949544-3238143215
                                                                                          • Opcode ID: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                                          • Instruction ID: a07927191520cae1e6be455f76438f534ad6819f987c116f95f500b89d554bea
                                                                                          • Opcode Fuzzy Hash: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                                          • Instruction Fuzzy Hash: A9D10B71A142159FCB04EFE5E8A1E6F7776AFC9304B50455FF0129B359DA38AC02CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AAB20 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 256COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                            • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 004AAC1D
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004AAC4F
                                                                                            • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                          Strings
                                                                                          • Inserting effect %s to stack at position %d., xrefs: 004AACE1
                                                                                          • CVideoProcessor::InsertEffectToStack, xrefs: 004AAB4B
                                                                                          • Inserting effect %s\%s\%s to stack at position %d., xrefs: 004AAC73
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: clock$AllocatorBase::Concurrency::details::Concurrency::task_options::get_schedulerDebugHeapPolicyScheduler
                                                                                          • String ID: CVideoProcessor::InsertEffectToStack$Inserting effect %s to stack at position %d.$Inserting effect %s\%s\%s to stack at position %d.
                                                                                          • API String ID: 1896687067-3121683814
                                                                                          • Opcode ID: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                                          • Instruction ID: 105fcc333d0e6ff14583993c1dd746094cb4f3fab98b4d368d8a839d86cc259d
                                                                                          • Opcode Fuzzy Hash: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                                          • Instruction Fuzzy Hash: 56B12B70900208EFCB14DFA8C891BDEBBB5BF59314F10825EE419AB391DB74AE45CB95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004F6860 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 180memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F68AB
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F68DB
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F6903
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F692B
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000001,F30A7BBC), ref: 004F696D
                                                                                            • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                                            • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                            • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                          Strings
                                                                                          • \ManyCam\BackgroundEffect, xrefs: 004F69A8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$FileFindFirstFolderImage@@PathSpecial_wmkdir
                                                                                          • String ID: \ManyCam\BackgroundEffect
                                                                                          • API String ID: 711174743-980167294
                                                                                          • Opcode ID: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                                          • Instruction ID: 1d1004133df218b0561d43129003d36592f772ef424460559cb02d2d1cb950c8
                                                                                          • Opcode Fuzzy Hash: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                                          • Instruction Fuzzy Hash: 5E8189B0901258DEDB14EF64DC41BDEBBB6AB94308F0081DEE449A3281DB795B98CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004266B0 Relevance: 10.6, APIs: 7, Instructions: 103COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetStockObject.GDI32(00000000), ref: 0042670E
                                                                                          • FillRect.USER32 ref: 0042671D
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT ref: 00426744
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000), ref: 00426769
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0042677D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 004267A4
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 004267CF
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@U3@_Utag$RectWidth@$ClientFillObjectStock
                                                                                          • String ID:
                                                                                          • API String ID: 3635710602-0
                                                                                          • Opcode ID: 2e902237a62102cc0783c26eea87632ae7e55b0e330416ba1cdccc3c8738a941
                                                                                          • Instruction ID: 636054c8f4e363f310d4610df5f6cab4c07c672653326205662c59b6922b00b1
                                                                                          • Opcode Fuzzy Hash: 2e902237a62102cc0783c26eea87632ae7e55b0e330416ba1cdccc3c8738a941
                                                                                          • Instruction Fuzzy Hash: FA41E6B1D00209ABDB08EFD8D991BEEBBB4FF48304F14812EE516A7284DB746945CB65
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004265B0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 72memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00426617
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00426655
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,00543BA0,data\images\maindlg\,?,?,?,F30A7BBC), ref: 00426678
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$data\images\maindlg\$;T
                                                                                          • API String ID: 1315443971-490103044
                                                                                          • Opcode ID: 25dd62ad1dffaf1f7697ce5bb85d4b016747b7766f05fd68e0ce10921046d88e
                                                                                          • Instruction ID: d6baf32a8499c7f25828db752c6f53ce77f9777766276abc85c2b1cdef14b565
                                                                                          • Opcode Fuzzy Hash: 25dd62ad1dffaf1f7697ce5bb85d4b016747b7766f05fd68e0ce10921046d88e
                                                                                          • Instruction Fuzzy Hash: B7314A71D052489BCF04EFA5D885BEEBBB8FB08318F10452EE41277291DB386609CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042AC80 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 72memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042ACE7
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042AD25
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,000000CC,00000001,00545BC0,data\images\maindlg\,00000001,?,00000000,F30A7BBC,00000008,000000CC,0000003E,00000001), ref: 0042AD48
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$data\images\maindlg\$[T
                                                                                          • API String ID: 1315443971-2026572451
                                                                                          • Opcode ID: c6f48d1d889a1724de804aacf42f1e29f9f12b616ab2601b8390a8dfddbfe8a6
                                                                                          • Instruction ID: 945d218172822ab397b4e05be073ae2f2c5b6e28a5be2581afe793848f371de3
                                                                                          • Opcode Fuzzy Hash: c6f48d1d889a1724de804aacf42f1e29f9f12b616ab2601b8390a8dfddbfe8a6
                                                                                          • Instruction Fuzzy Hash: 22312C71D15248DBCF04DFA5D885BEEBBB4FB08318F50452EE41277281DB785609CBA9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005004E0 Relevance: 10.5, APIs: 7, Instructions: 33windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetDC.USER32(00000000), ref: 005004E8
                                                                                          • CreateCompatibleBitmap.GDI32(F30A7BBC,00000001,00000001), ref: 005004F9
                                                                                          • SelectObject.GDI32(004FFD5A,?), ref: 0050050A
                                                                                          • DeleteObject.GDI32(004FFD5A), ref: 00500517
                                                                                          • DeleteObject.GDI32(?), ref: 00500521
                                                                                          • DeleteDC.GDI32(004FFD5A), ref: 0050052B
                                                                                          • DeleteDC.GDI32(F30A7BBC), ref: 00500535
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Delete$Object$BitmapCompatibleCreateSelect
                                                                                          • String ID:
                                                                                          • API String ID: 3915743176-0
                                                                                          • Opcode ID: b63c2d31c0b96e8bb4f8e8f13ea308aed4bd4cf6168d262f444604c21e878b20
                                                                                          • Instruction ID: 1b2a2ef179f50e4d9ec7ba4aa31c39b7eea7e62ab75ac1a615a3d8bcab50b0f7
                                                                                          • Opcode Fuzzy Hash: b63c2d31c0b96e8bb4f8e8f13ea308aed4bd4cf6168d262f444604c21e878b20
                                                                                          • Instruction Fuzzy Hash: 7FF0E7B9900208FBDB04DFF4D88CA9EBB78AB58301F008146FB1993350C7359A48EB50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004242A0 Relevance: 9.2, APIs: 6, Instructions: 168COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCursorInfo.USER32(00000014), ref: 004242CD
                                                                                          • ScreenToClient.USER32 ref: 004242E1
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • GetDC.USER32(?), ref: 004243EE
                                                                                          • wcslen.MSVCR80 ref: 00424408
                                                                                          • GetTextExtentPoint32W.GDI32(?,?,00000000), ref: 00424420
                                                                                          • ReleaseDC.USER32 ref: 00424437
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Client$CursorExtentInfoPoint32RectReleaseScreenTextwcslen
                                                                                          • String ID:
                                                                                          • API String ID: 1818624329-0
                                                                                          • Opcode ID: 0c1df39c5964b91920f54f72ee6645779ec71c993bd4406e2e7bfb2a43fad3da
                                                                                          • Instruction ID: dfbf29d46014c909a867da8c656cefcdd1fdc3d0d0c0ac4eb1bf690a27bc7e37
                                                                                          • Opcode Fuzzy Hash: 0c1df39c5964b91920f54f72ee6645779ec71c993bd4406e2e7bfb2a43fad3da
                                                                                          • Instruction Fuzzy Hash: B871FC71A00528DBCB54DB58DC91BAEB3B5FF88309F44818EE54AB7241DF34AA84CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004E2290 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,F30A7BBC,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000,00000000), ref: 004E22D4
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004E22E8
                                                                                          • _CxxThrowException.MSVCR80(004E1A94,0057CBF8), ref: 004E22F6
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004E1A94,0057CBF8,?,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000), ref: 004E2305
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
                                                                                          • Instruction ID: eb3dced5db3925a888724237d041c26940005993663a78e11fc02054abcc7e87
                                                                                          • Opcode Fuzzy Hash: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
                                                                                          • Instruction Fuzzy Hash: E7D10F70A002C99FCB04EFAAC991D6F777ABF89345B10455EF4119F366CA78AC01DBA4
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048C8C0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,F30A7BBC,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C904
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048C918
                                                                                          • _CxxThrowException.MSVCR80(0048A224,0057CBF8), ref: 0048C926
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A224,0057CBF8,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C935
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
                                                                                          • Instruction ID: 781e3e5cdacf5d297dd74e0af013611e08a9c6e7430d9740113c692fd0013158
                                                                                          • Opcode Fuzzy Hash: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
                                                                                          • Instruction Fuzzy Hash: B0D1ED70A002499FCB04FFA5C891D6F7775EF8A708F20496EF6159B255CB38AD05CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00474C80 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,F30A7BBC,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000,00000000), ref: 00474CC4
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00474CD8
                                                                                          • _CxxThrowException.MSVCR80(00474884,0057CBF8), ref: 00474CE6
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(00474884,0057CBF8,?,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000), ref: 00474CF5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
                                                                                          • Instruction ID: 902e9eb1271cb93d2a72db74486b01d1d5c84e1b516abcfe74867b495f5f0d12
                                                                                          • Opcode Fuzzy Hash: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
                                                                                          • Instruction Fuzzy Hash: 1ED1FB70A002099FCB04EFA5D891EEF7776AF89318B20855EF4159F295CB38AC51CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048CF10 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,F30A7BBC,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF54
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048CF68
                                                                                          • _CxxThrowException.MSVCR80(0048A514,0057CBF8), ref: 0048CF76
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A514,0057CBF8,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF85
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: map/set<T> too long
                                                                                          • API String ID: 3248949544-1285458680
                                                                                          • Opcode ID: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
                                                                                          • Instruction ID: 50f8718e498666fa4da98437a76d4638b1e2a723603710fac9882f3192207998
                                                                                          • Opcode Fuzzy Hash: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
                                                                                          • Instruction Fuzzy Hash: 1BD1AA70A002459FCB04FFA5D8D1EAF77B6BF89304B10495EF511AB396CA39A901CBE5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00402BB0 Relevance: 9.1, APIs: 6, Instructions: 56COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
                                                                                          • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
                                                                                          • cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
                                                                                          • cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
                                                                                          • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
                                                                                          • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image$CreateRelease
                                                                                          • String ID:
                                                                                          • API String ID: 3874174198-0
                                                                                          • Opcode ID: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                                          • Instruction ID: 6a9ac0958563a1589a8d938dd82cbe29a94ad790e47f913414e9d99cb75ce162
                                                                                          • Opcode Fuzzy Hash: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                                          • Instruction Fuzzy Hash: F901F9F590130176F630AB259D4EF4B76DCFF91701F04483AF55AA12C1F6B4E184C221
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00500760 Relevance: 9.0, APIs: 6, Instructions: 46COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • CreatePen.GDI32(00000000,?,?), ref: 00500770
                                                                                          • SelectObject.GDI32(?,?), ref: 00500781
                                                                                          • MoveToEx.GDI32(00000000,?,?,00000000), ref: 0050079D
                                                                                          • LineTo.GDI32(?,?,?), ref: 005007B4
                                                                                          • SelectObject.GDI32(?,?), ref: 005007C2
                                                                                          • DeleteObject.GDI32(?), ref: 005007CC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Object$Select$CreateDeleteLineMove
                                                                                          • String ID:
                                                                                          • API String ID: 3907703346-0
                                                                                          • Opcode ID: 9d38677caad3bd7ce77eb5ab1a294411b075db9e3abd6b2e1ed079b8364021da
                                                                                          • Instruction ID: ebe4794baeb4ac7055bd3e8995aa24abe63a483cd3410c18cbb4b8d80212e508
                                                                                          • Opcode Fuzzy Hash: 9d38677caad3bd7ce77eb5ab1a294411b075db9e3abd6b2e1ed079b8364021da
                                                                                          • Instruction Fuzzy Hash: 5B1195B9610208EFDB04DFA8D898D9ABBB9EB9D301F108149FE0987350D730E955DBA0
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00434B70 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 152COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00447FF0: SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 00448006
                                                                                          • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00434C17
                                                                                            • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                                          • memset.MSVCR80 ref: 00434C2B
                                                                                            • Part of subcall function 00447E60: SendMessageW.USER32(?,00001132,00000000,yLC), ref: 00447E78
                                                                                          • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00434CEC
                                                                                            • Part of subcall function 004DAF40: _DebugHeapAllocator.LIBCPMTD ref: 004DAF57
                                                                                          • memset.MSVCR80 ref: 00434D1D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapMessageSendmemset$Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler
                                                                                          • String ID: pzC
                                                                                          • API String ID: 1527497025-2444570644
                                                                                          • Opcode ID: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                                          • Instruction ID: ed1ee3073941a6660e753338659c4a22794240fa1e9d27d03445b3c6d8f704d4
                                                                                          • Opcode Fuzzy Hash: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                                          • Instruction Fuzzy Hash: 9C610CB1D01118DBDB14DFA5D891BEEBBB5FF48304F2041AEE10A67281DB386A45CF99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00408360 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 116stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                                          • CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                                          • CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CompareString$lstrlen
                                                                                          • String ID: </A>$<A>
                                                                                          • API String ID: 1657112622-2122467442
                                                                                          • Opcode ID: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                                          • Instruction ID: 8d4014fe370238e856f28d0c67f96b0aed6e5c53389ece421d0f182d8b12796b
                                                                                          • Opcode Fuzzy Hash: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                                          • Instruction Fuzzy Hash: CB5121B4A0421ADFDB04CF88C990BAEB7B2FF84304F108159E915AB3D0DB75A946CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041C830 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                            • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041C8AC
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0041C8EA
                                                                                          • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0041C80E,00000049,0053F620,data\images\maindlg\,00000049,?,00000000,F30A7BBC,?,0041C80E,0000000C,00000049), ref: 0041C90D
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                          • String ID: .png$data\images\maindlg\
                                                                                          • API String ID: 1315443971-2402009575
                                                                                          • Opcode ID: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                                          • Instruction ID: 95f2c906bb04f7db6848c29b7cfe536fa7cadaced1f5336b0e2a281727f52370
                                                                                          • Opcode Fuzzy Hash: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                                          • Instruction Fuzzy Hash: AD312DB1D05248EBCB04EFA5D986BDDBBB4FF18714F10452EE01577291D7746A08CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AE0D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE0FD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004AE111
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004AE11F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE12E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
                                                                                          • Instruction ID: 992c7d1c538af7c9c0ce4edad66a1111de3b001cb72a08a5d5271ad12714ae45
                                                                                          • Opcode Fuzzy Hash: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
                                                                                          • Instruction Fuzzy Hash: CCF04FB1944648EBCB14DF94ED45FDDBB78FB14720F50426AF812A32D0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004307E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?,F30A7BBC), ref: 0043080D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00430821
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0043082F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?), ref: 0043083E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                                          • Instruction ID: 84ce0209dc11d6b23fc1989ca18a4f5fc0ac43ec5a2d3810fda43137453e27bd
                                                                                          • Opcode Fuzzy Hash: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                                          • Instruction Fuzzy Hash: FCF0A9B1944248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004E27F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B,F30A7BBC), ref: 004E281D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004E2831
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004E283F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B), ref: 004E284E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                                          • Instruction ID: 0a4d440cb5536f40db0fd076e9c7fc5d2a12fc606929b1cb6c9b0b09eff913f8
                                                                                          • Opcode Fuzzy Hash: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                                          • Instruction Fuzzy Hash: B4F03CB1944648EBCB14DF94ED45B9DBB78FB14720F50426AA812A32D0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0044E880 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,00000000,0052CF49,000000FF,?,0044BFC3,?), ref: 0044E8AD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0044E8C1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0044E8CF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052CF49,000000FF,?,0044BFC3,?), ref: 0044E8DE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: e4d93f73c6a44200dbee432afcc6127b6e756c74ae1b00d486d1dbad1c01aa59
                                                                                          • Instruction ID: bfe93bf50190a84bddba7f4bf227c7b3c1e3f0fcee5231e022a3aee24eca0805
                                                                                          • Opcode Fuzzy Hash: e4d93f73c6a44200dbee432afcc6127b6e756c74ae1b00d486d1dbad1c01aa59
                                                                                          • Instruction Fuzzy Hash: FAF0AFB1904248EBCB14DF94ED41FDDBB78FB04720F40026AF812A32C0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00412890 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?,F30A7BBC), ref: 004128BD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004128D1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004128DF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?), ref: 004128EE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                                          • Instruction ID: 4f722f1132bf029aa43680a0f31b4d6b59234f2f3b0eea29470ee80f38ab1d71
                                                                                          • Opcode Fuzzy Hash: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                                          • Instruction Fuzzy Hash: B3F08CB1904248EBCB14DF90ED41B9DBB78FB04720F40022AB812A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004D4940 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000,F30A7BBC), ref: 004D496D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 004D4981
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004D498F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000), ref: 004D499E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                                          • Instruction ID: 2198fcef12488e2d17d3691da39b82749544227340ee56d3737a145847e009f6
                                                                                          • Opcode Fuzzy Hash: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                                          • Instruction Fuzzy Hash: 21F0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0048EBA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBCD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0048EBE1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048EBEF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBFE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                                          • Instruction ID: 92daabea73afc4e90302cbcf7baf13e44f6b9f868eface51cfc7e975ed78bb7a
                                                                                          • Opcode Fuzzy Hash: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                                          • Instruction Fuzzy Hash: 95F03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AE812A32D0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0044ED50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044ED7D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0044ED91
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0044ED9F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044EDAE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                                          • Instruction ID: f5a7866f547bb55f07dc25e2db114e65ea79899798aec203e725cd6f1ff4eb0e
                                                                                          • Opcode Fuzzy Hash: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                                          • Instruction Fuzzy Hash: E2F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00430D10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D3D
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 00430D51
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00430D5F
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D6E
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
                                                                                          • Instruction ID: 2c432eddfbe67746ec497c333af96acf5ab7e20aac0011f52034aeffc7690669
                                                                                          • Opcode Fuzzy Hash: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
                                                                                          • Instruction Fuzzy Hash: 43F0A9B1904248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32D0EB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0049EEA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,F30A7BBC,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EECD
                                                                                          • std::bad_exception::bad_exception.LIBCMTD ref: 0049EEE1
                                                                                          • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0049EEEF
                                                                                          • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EEFE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                          • String ID: vector<T> too long
                                                                                          • API String ID: 3248949544-3788999226
                                                                                          • Opcode ID: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
                                                                                          • Instruction ID: 9df2125c4ef5457798524062e3a11b60d2f3a7f222f2b8b9a439bf1f8e3d57c1
                                                                                          • Opcode Fuzzy Hash: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
                                                                                          • Instruction Fuzzy Hash: 0DF03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AB812A32D0DB756A08CB54
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00506EF0 Relevance: 7.6, APIs: 5, Instructions: 104memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00506F28
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • ??2@YAPAXI@Z.MSVCR80 ref: 00506F2F
                                                                                          • codecvt.LIBCPMTD ref: 00506F9F
                                                                                          • wcstol.MSVCR80 ref: 00506FEE
                                                                                          • codecvt.LIBCPMTD ref: 00507011
                                                                                            • Part of subcall function 00415BF0: ??3@YAXPAX@Z.MSVCR80 ref: 00415C0B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapcodecvt$??2@??3@wcstol
                                                                                          • String ID:
                                                                                          • API String ID: 74129304-0
                                                                                          • Opcode ID: f820b669af4b91f01ff1afac2cb9a1d8ae762e6116985bebba3912421fffcbed
                                                                                          • Instruction ID: 6d66b3f1b8e0294eece4e25a7ed8cbe839a85e6d975fee0ec5976f71f30e8fe7
                                                                                          • Opcode Fuzzy Hash: f820b669af4b91f01ff1afac2cb9a1d8ae762e6116985bebba3912421fffcbed
                                                                                          • Instruction Fuzzy Hash: 7E4103B0D05209EFDB14DF94D895BEEBBB0BB48314F20852AE416AB2C0DB756A45CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0046C100 Relevance: 7.6, APIs: 5, Instructions: 96stringCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • lstrlenW.KERNEL32(00000000,00569E8C), ref: 0046C121
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C16B
                                                                                          • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C17D
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C19E
                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080,?,00000000,00000000,00000000), ref: 0046C1DC
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 3322701435-0
                                                                                          • Opcode ID: cbcd1fa559f8ae4230e768bd00e513c0907913d8661ee28b925d20b683ff2109
                                                                                          • Instruction ID: c9f41260a9b7f310c3a2772d0b559dbbeee8ca943a5465fee336bfd2e85e9abf
                                                                                          • Opcode Fuzzy Hash: cbcd1fa559f8ae4230e768bd00e513c0907913d8661ee28b925d20b683ff2109
                                                                                          • Instruction Fuzzy Hash: E3310DB5A40208BFEB04DF94CC96FAF77B9FB48704F108549F615EB280D675A940DB94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00444250 Relevance: 7.6, APIs: 5, Instructions: 95memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004442AB
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004442B8
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004442C5
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004442D2
                                                                                            • Part of subcall function 004285A0: _DebugHeapAllocator.LIBCPMTD ref: 004285E6
                                                                                          • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 00444349
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$ProcessorVirtual$Concurrency::RootRoot::
                                                                                          • String ID:
                                                                                          • API String ID: 1206767178-0
                                                                                          • Opcode ID: fd49402e459f4479328debbb78b9f4e353b37530b482411de525044368da4158
                                                                                          • Instruction ID: 3e3e7ea0b4301b1dadbfcef89f909e61c9eb5224885f0086c26b176e486011f9
                                                                                          • Opcode Fuzzy Hash: fd49402e459f4479328debbb78b9f4e353b37530b482411de525044368da4158
                                                                                          • Instruction Fuzzy Hash: 63416D70A05169EBDB08EB99DCA1BBFB775BF86308F54044DE5122B3C2CB792910C759
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042AD80 Relevance: 7.6, APIs: 5, Instructions: 95COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,F30A7BBC,F30A7BBC,F30A7BBC), ref: 0042ADFD
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,?,F30A7BBC,F30A7BBC,F30A7BBC), ref: 0042AE22
                                                                                          • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,?,F30A7BBC,F30A7BBC,F30A7BBC), ref: 0042AE36
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,F30A7BBC,F30A7BBC,F30A7BBC), ref: 0042AE5D
                                                                                          • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,F30A7BBC,F30A7BBC,F30A7BBC), ref: 0042AE88
                                                                                            • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$ClientRect
                                                                                          • String ID:
                                                                                          • API String ID: 193267685-0
                                                                                          • Opcode ID: cc610818231fedaec0e2e8761d4cd92ccf62e2b5e813100fd3daefcb6bb4828e
                                                                                          • Instruction ID: 8553715beaca9bac7e41af40e2054756d9585b963120416201abcc36e36c20fb
                                                                                          • Opcode Fuzzy Hash: cc610818231fedaec0e2e8761d4cd92ccf62e2b5e813100fd3daefcb6bb4828e
                                                                                          • Instruction Fuzzy Hash: 2A410771D002099BDB08EFD8D951BEEBBB8FF44304F10412EE512A7295DB742A44CB55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0043A4E0 Relevance: 7.6, APIs: 5, Instructions: 90threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • Concurrency::details::UMSFreeThreadProxyFactory::~UMSFreeThreadProxyFactory.LIBCMTD ref: 0043A534
                                                                                          • Concurrency::details::UMSFreeThreadProxyFactory::~UMSFreeThreadProxyFactory.LIBCMTD ref: 0043A546
                                                                                          • Concurrency::details::UMSFreeThreadProxyFactory::~UMSFreeThreadProxyFactory.LIBCMTD ref: 0043A558
                                                                                          • Concurrency::details::UMSFreeThreadProxyFactory::~UMSFreeThreadProxyFactory.LIBCMTD ref: 0043A56A
                                                                                          • Concurrency::details::UMSFreeThreadProxyFactory::~UMSFreeThreadProxyFactory.LIBCMTD ref: 0043A57C
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: FreeProxyThread$Concurrency::details::FactoryFactory::~
                                                                                          • String ID:
                                                                                          • API String ID: 4265710317-0
                                                                                          • Opcode ID: 4fb7d165a4005ecf01ac99658c17b492d4c83bb16b72fe290f319e94c6fe0536
                                                                                          • Instruction ID: fa3d76b9cdb9fda1aa7aff0b12e161447b008f8dd604a8c4ca6402511bb1f3c5
                                                                                          • Opcode Fuzzy Hash: 4fb7d165a4005ecf01ac99658c17b492d4c83bb16b72fe290f319e94c6fe0536
                                                                                          • Instruction Fuzzy Hash: 88416070A091AADBDF09EBD8D8617BEBB74BF4130CF54445DD4522B382CA792A04C75A
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004FCF50 Relevance: 7.6, APIs: 5, Instructions: 86memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FCF97
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FCFB3
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004FCFCF
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000002,F30A7BBC,004DEED8,?), ref: 004FCFFF
                                                                                          • memset.MSVCR80 ref: 004FD01E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@memset
                                                                                          • String ID:
                                                                                          • API String ID: 555841439-0
                                                                                          • Opcode ID: 385abf1437387cc0975e6c3cbfb30be2e14ef4bbf3a45820dc7002e6a2ca7631
                                                                                          • Instruction ID: 689259db836472119122042440bb183c3dbafad9a1e647b3c290ffeea8b079d3
                                                                                          • Opcode Fuzzy Hash: 385abf1437387cc0975e6c3cbfb30be2e14ef4bbf3a45820dc7002e6a2ca7631
                                                                                          • Instruction Fuzzy Hash: B2313BB1D01249AFDB04DFA8D896BDEBBB4AB48704F10825DF815A73C1D7786A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00488A00 Relevance: 7.6, APIs: 5, Instructions: 63COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • FindResourceW.KERNEL32(00000000,0047AE1E,00000006,?,0047AE1E), ref: 00488A3B
                                                                                          • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A4A
                                                                                          • SizeofResource.KERNEL32(00000000,00000000,?,0047AE1E), ref: 00488A5A
                                                                                          • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A67
                                                                                          • GetLastError.KERNEL32(000000FF,00000000,00000000,00000000,00000000,00000000,?,0047AE1E), ref: 00488AA8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ErrorLast$Resource$FindSizeof
                                                                                          • String ID:
                                                                                          • API String ID: 1187693681-0
                                                                                          • Opcode ID: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
                                                                                          • Instruction ID: c0cef2afab0bd7fe4f68a4e2e270c34d254ae90ade39b42375e279ad05fcd0b3
                                                                                          • Opcode Fuzzy Hash: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
                                                                                          • Instruction Fuzzy Hash: 13215EB490410CAFDF04EFA8C894AAEBBB5AF58304F50855EF516E7380DB349A40DBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0043E1F0 Relevance: 7.6, APIs: 5, Instructions: 62memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004285A0: _DebugHeapAllocator.LIBCPMTD ref: 004285E6
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043E248
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043E258
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043E268
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043E278
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0043E288
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap
                                                                                          • String ID:
                                                                                          • API String ID: 571936431-0
                                                                                          • Opcode ID: 21f1230bb7e3c0fa2d8cf123c9752402f017b6e14222b74f02a2d2bdc8cebada
                                                                                          • Instruction ID: df0df67101b851fb88bb2204b2a8431d95f90f7d9288ed5615cd4e042d82439d
                                                                                          • Opcode Fuzzy Hash: 21f1230bb7e3c0fa2d8cf123c9752402f017b6e14222b74f02a2d2bdc8cebada
                                                                                          • Instruction Fuzzy Hash: 6B216F70A44629ABEB08DB99DC62BAFB770FF45704F04461EE5123B3C1CB792810C759
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00520C30 Relevance: 7.5, APIs: 5, Instructions: 30synchronizationCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • EnterCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C38
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C45
                                                                                          • SetEvent.KERNEL32(0000000A,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C60
                                                                                          • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?), ref: 00520C6C
                                                                                          • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C76
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CriticalSection$Leave$EnterEventObjectSingleWait
                                                                                          • String ID:
                                                                                          • API String ID: 2480823239-0
                                                                                          • Opcode ID: 69de553fff6750679b5045ee798069faca8b5646966b91e150a6d47a83d5acfd
                                                                                          • Instruction ID: 20fc61db396638aa89e1fa09a044bcff496ff3b65396fda0f4d22a802af35d76
                                                                                          • Opcode Fuzzy Hash: 69de553fff6750679b5045ee798069faca8b5646966b91e150a6d47a83d5acfd
                                                                                          • Instruction Fuzzy Hash: 12F05E761002109BD320DB19EC4899BF7B8EFE5731B008A1EF66693760C774A84ADB50
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C4D0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 134COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,F30A7BBC,000000FF,?,004AB79D), ref: 0042F974
                                                                                          • GetActiveWindow.USER32 ref: 0042C558
                                                                                            • Part of subcall function 0042EC20: ??2@YAPAXI@Z.MSVCR80 ref: 0042EC47
                                                                                            • Part of subcall function 0042EC20: Concurrency::details::GlobalCore::TopologyObject::TopologyObject.LIBCMTD ref: 0042EC66
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                            • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                            • Part of subcall function 0042F230: _DebugHeapAllocator.LIBCPMTD ref: 0042F268
                                                                                            • Part of subcall function 0042F230: _DebugHeapAllocator.LIBCPMTD ref: 0042F2AB
                                                                                          • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,?,00546DD4,?), ref: 0042C637
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0AE
                                                                                            • Part of subcall function 004CC090: memset.MSVCR80 ref: 004CC0CB
                                                                                            • Part of subcall function 004CC090: wcscpy.MSVCR80 ref: 004CC0DF
                                                                                            • Part of subcall function 004CC090: wcscat.MSVCR80 ref: 004CC0F8
                                                                                            • Part of subcall function 004CC090: CreateProcessW.KERNEL32 ref: 004CC124
                                                                                          Strings
                                                                                          • Do you want to open the folder where you extracted the effect?, xrefs: 0042C68F
                                                                                          • ManyCam Virtual Webcam, xrefs: 0042C68A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$CreateTopologymemset$??2@ActiveConcurrency::details::Core::DirectoryGlobalObjectObject::ProcessWindow_invalid_parameter_noinfowcscatwcscpy
                                                                                          • String ID: Do you want to open the folder where you extracted the effect?$ManyCam Virtual Webcam
                                                                                          • API String ID: 2966790006-840973437
                                                                                          • Opcode ID: 4456fef813581474ad17b04e903aea3c79cb10fd0b1b3a40ebacd1bc8f792851
                                                                                          • Instruction ID: 0e7f259c902b1048372bebf6408b9f5c93a9d60f78888f7267b81aec5d9c5c05
                                                                                          • Opcode Fuzzy Hash: 4456fef813581474ad17b04e903aea3c79cb10fd0b1b3a40ebacd1bc8f792851
                                                                                          • Instruction Fuzzy Hash: FD514AB09006289FCB24EB55DC51BEFB7B4AF45309F4041EDE10AA7281DB756B88CF99
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C9B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C9E5
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C9F7
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,F30A7BBC,000000FF,?,004AB79D), ref: 0042F974
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                                            • Part of subcall function 0042E150: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                                            • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$DateFormat_invalid_parameter_noinfo
                                                                                          • String ID: www.manycam.com$www.manycam.com
                                                                                          • API String ID: 553431348-1145362033
                                                                                          • Opcode ID: 907b669c7419f88507c8a825532ba4f2d68d0285e46d80b14031e18f66ef58df
                                                                                          • Instruction ID: 55a663fd7b0127f2866d6ce172646f00f7e0cf50757378cb7dafc49b07509b25
                                                                                          • Opcode Fuzzy Hash: 907b669c7419f88507c8a825532ba4f2d68d0285e46d80b14031e18f66ef58df
                                                                                          • Instruction Fuzzy Hash: 47414271A001199BCB08DB99E891BEEB7B5FF48318F54412EE212B7391DB385944CBA9
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00418180 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • SendMessageW.USER32(00000000,?,0000004E,00000000), ref: 004181E3
                                                                                          • SendMessageW.USER32(00000000,?,00000111), ref: 00418234
                                                                                            • Part of subcall function 004182A0: GetDlgCtrlID.USER32 ref: 004182AD
                                                                                            • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSend$CtrlParent
                                                                                          • String ID: open
                                                                                          • API String ID: 1383977212-2758837156
                                                                                          • Opcode ID: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                                          • Instruction ID: c0f4561a2c49f87f87505e6ad243b5dafbf5b9024aec12e38c733bc4d86155cd
                                                                                          • Opcode Fuzzy Hash: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                                          • Instruction Fuzzy Hash: FD313E70A042599FEF08DBA5DC51BFEBBB5BF48304F14415DE506B73C2CA38A9418B69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C870 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 0042C916
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C93C
                                                                                          Strings
                                                                                          • The effect name is missing. Please name the effect., xrefs: 0042C8DF
                                                                                          • ManyCam Virtual Webcam, xrefs: 0042C8DA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueWork
                                                                                          • String ID: ManyCam Virtual Webcam$The effect name is missing. Please name the effect.
                                                                                          • API String ID: 1131629171-2986969597
                                                                                          • Opcode ID: 50f9dc068afc3ea2bc3b5c8dad93f4b45884fc86520afec70ce9849f97ae527c
                                                                                          • Instruction ID: f548a94b20067d4d2e648bd6b739c8dff4aaef88bf7f8ff5a9c1d1d40970e620
                                                                                          • Opcode Fuzzy Hash: 50f9dc068afc3ea2bc3b5c8dad93f4b45884fc86520afec70ce9849f97ae527c
                                                                                          • Instruction Fuzzy Hash: D63129B0A001099FCB08EF99D891BEEB7B5FF48318F10412EE516B72D1DB386944CB68
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0042C720 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 77memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,F30A7BBC,000000FF,?,004AB79D), ref: 0042F974
                                                                                            • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • memset.MSVCR80 ref: 0042C7B2
                                                                                            • Part of subcall function 004CB2C0: _DebugHeapAllocator.LIBCPMTD ref: 004CB2DC
                                                                                          • UrlEscapeW.SHLWAPI(00000000,?,?,00000104,00003000,http://manycam.com/upload_effect?filepath=,?,F30A7BBC), ref: 0042C7F2
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0042C81A
                                                                                            • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                            • Part of subcall function 004CBEE0: _DebugHeapAllocator.LIBCPMTD ref: 004CBF12
                                                                                            • Part of subcall function 004CBEE0: ShellExecuteW.SHELL32(00000000,open,00000000,00000000,00000000,00000001), ref: 004CBF84
                                                                                          Strings
                                                                                          • http://manycam.com/upload_effect?filepath=, xrefs: 0042C782
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$EscapeExecuteShell_invalid_parameter_noinfomemset
                                                                                          • String ID: http://manycam.com/upload_effect?filepath=
                                                                                          • API String ID: 2685471194-4228746029
                                                                                          • Opcode ID: f474d8a17c69ee73db076593b281a7d49717d1ab03933d9e87b073d459428043
                                                                                          • Instruction ID: 1ebb1af0b2b9467f4388abbf65d4e58c0fdf4eb3bcc8d7c7d81431b3f3e3b6ed
                                                                                          • Opcode Fuzzy Hash: f474d8a17c69ee73db076593b281a7d49717d1ab03933d9e87b073d459428043
                                                                                          • Instruction Fuzzy Hash: 44315E71D01219ABCB14EF94EC99BEEB7B8EF48704F0001ADE516A72D0DB386A44CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00438A10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                            • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                          • clock.MSVCR80 ref: 00438AA7
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeapclockfflushfwprintf
                                                                                          • String ID: >>> Entering: %s$ob@
                                                                                          • API String ID: 1338021872-1849792878
                                                                                          • Opcode ID: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                                          • Instruction ID: e5c4b020fe9bb3bd421ac8dd4bd2dede87d7f0cb66a8b34f549f2a89e30843bb
                                                                                          • Opcode Fuzzy Hash: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                                          • Instruction Fuzzy Hash: 9D216075900209AFDB04EF94C942AEEBB74FF44718F10852DF816A73C1DB746A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00418380 Relevance: 6.3, APIs: 4, Instructions: 316windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetFocus.USER32(?,000000FF,?,00000000,?,?), ref: 004186F4
                                                                                            • Part of subcall function 00408360: lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                                            • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                                            • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                                            • Part of subcall function 004078E0: GetClientRect.USER32 ref: 004078F1
                                                                                            • Part of subcall function 00418A60: SetBkMode.GDI32(?,00000001), ref: 00418A71
                                                                                            • Part of subcall function 00418A40: SelectObject.GDI32(?,?), ref: 00418A51
                                                                                          • GetSysColor.USER32(00000011), ref: 004184AA
                                                                                            • Part of subcall function 00418810: DeleteDC.GDI32(00000000), ref: 00418824
                                                                                          • GetFocus.USER32(?,00000000,00000000,00000000,?,00000010,?,?), ref: 0041858A
                                                                                            • Part of subcall function 00418AF0: DrawTextW.USER32(00000000,?,00000000,?,000000FF), ref: 00418B0D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: CompareFocusString$ClientColorDeleteDrawModeObjectRectSelectTextlstrlen
                                                                                          • String ID:
                                                                                          • API String ID: 1926319676-0
                                                                                          • Opcode ID: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
                                                                                          • Instruction ID: 8fd3581a3690b51667abaed722c69e7692ca1fee28cda492897b23429118541a
                                                                                          • Opcode Fuzzy Hash: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
                                                                                          • Instruction Fuzzy Hash: DCD1FA719002089FDB08DF95C891AEEBBB5FF48344F14811EE5166B392DF39A985CF94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 005128B0 Relevance: 6.1, APIs: 4, Instructions: 129memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005128FB
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051292B
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 00512953
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0051297B
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                            • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                            • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E5EC
                                                                                            • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E623
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$wcscpy
                                                                                          • String ID:
                                                                                          • API String ID: 147117728-0
                                                                                          • Opcode ID: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
                                                                                          • Instruction ID: 4db675f979ab1b4fcf933bf1fc0f7ec6c4e65dab18244cadebc46eb2865c177d
                                                                                          • Opcode Fuzzy Hash: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
                                                                                          • Instruction Fuzzy Hash: FF512AB0906259DFEB14DF58D899BAEBBB5BF48304F1042EDE409A7281C7385E44CF95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00424150 Relevance: 6.1, APIs: 4, Instructions: 107COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 0041AA40: GetWindowLongW.USER32(?,F30A7BBC), ref: 0041AA51
                                                                                            • Part of subcall function 0041E880: SetWindowLongW.USER32(F30A7BBC,00000001,F30A7BBC), ref: 0041E895
                                                                                          • memset.MSVCR80 ref: 00424199
                                                                                            • Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38
                                                                                          • memset.MSVCR80 ref: 0042420A
                                                                                            • Part of subcall function 00424CB0: SendMessageW.USER32(?,00000432,00000000,004234AC), ref: 00424CC8
                                                                                          • GetSysColor.USER32(0000000D), ref: 00424246
                                                                                            • Part of subcall function 00424C50: SendMessageW.USER32(?,00000413,00000000,00000000), ref: 00424C68
                                                                                          • GetSysColor.USER32(0000000E), ref: 0042425A
                                                                                            • Part of subcall function 00424C80: SendMessageW.USER32(?,00000414,00000000,00000000), ref: 00424C98
                                                                                            • Part of subcall function 00424BF0: SendMessageW.USER32(?,0000041A,00000000,00000000), ref: 00424C08
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSend$ColorLongWindowmemset
                                                                                          • String ID:
                                                                                          • API String ID: 364163598-0
                                                                                          • Opcode ID: ca4f91228ccd88ec06df88587eba8f35eadc2edbafeba585f7b4b6ebc1d4d150
                                                                                          • Instruction ID: b7621caee83b87087722d0fc06bec11bb6e010a42a84f963952b34725cf3772b
                                                                                          • Opcode Fuzzy Hash: ca4f91228ccd88ec06df88587eba8f35eadc2edbafeba585f7b4b6ebc1d4d150
                                                                                          • Instruction Fuzzy Hash: 5D410EB0A451289BDB04DB99DCA1FADBB75BF8C714F14021DF505BB3C2CA78A450CB69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00508470 Relevance: 6.1, APIs: 4, Instructions: 88memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005084B7
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005084D3
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005084EF
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000002,F30A7BBC,00000000,Lines), ref: 0050851F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@
                                                                                          • String ID:
                                                                                          • API String ID: 830327240-0
                                                                                          • Opcode ID: c3872d1b7866b3cc417c01debd9935c1e283856e6b08fe7d21716109768da20e
                                                                                          • Instruction ID: 835bd8460dbb8c39e21a22f318f541fece4d770796a5d0d431666df4a7986c76
                                                                                          • Opcode Fuzzy Hash: c3872d1b7866b3cc417c01debd9935c1e283856e6b08fe7d21716109768da20e
                                                                                          • Instruction Fuzzy Hash: 88411AB4D01249DFCB04DF98D895BEEBBB5FB48304F10825EE815AB381D7785A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00406040 Relevance: 6.1, APIs: 4, Instructions: 85COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Iatan$Isqrt
                                                                                          • String ID:
                                                                                          • API String ID: 1025909456-0
                                                                                          • Opcode ID: 57f5941b643651e987862c1e0d1d6f7d17b30a8860795f25dd51119af805d3df
                                                                                          • Instruction ID: 369849f07fd1038270b353e5a516803fc2d99b3ba7736fd5bc0cfa9b85f71fc3
                                                                                          • Opcode Fuzzy Hash: 57f5941b643651e987862c1e0d1d6f7d17b30a8860795f25dd51119af805d3df
                                                                                          • Instruction Fuzzy Hash: 8631E671609302EFC701AF44E64816ABFA4FFC1751FA18D88E4E922199D73198758F8B
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004F8510 Relevance: 6.1, APIs: 4, Instructions: 85memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F8557
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F8573
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 004F858F
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000002,F30A7BBC,004DD97A,?), ref: 004F85BF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@
                                                                                          • String ID:
                                                                                          • API String ID: 830327240-0
                                                                                          • Opcode ID: ee7465e3a94e4b4f80a0f11d58efd3ea190a4a844e68d0707ab6cb0e17e0590c
                                                                                          • Instruction ID: fedcc81c0e6c495a0358ab80e6aa71ecda86b572922acd26987f687613896aa9
                                                                                          • Opcode Fuzzy Hash: ee7465e3a94e4b4f80a0f11d58efd3ea190a4a844e68d0707ab6cb0e17e0590c
                                                                                          • Instruction Fuzzy Hash: 3B314CB0D01209EFCB04DF98D891BEEBBB5FB48314F10815EE815AB381D7789A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0050CCE0 Relevance: 6.1, APIs: 4, Instructions: 83memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050CD27
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050CD43
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 0050CD5F
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000002,F30A7BBC,004DF6C5,?), ref: 0050CD8F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@
                                                                                          • String ID:
                                                                                          • API String ID: 830327240-0
                                                                                          • Opcode ID: da55ee8a73fafe8b9f53e1a3dbc49f9b19152d40b92d57ca7b711d0715701e8f
                                                                                          • Instruction ID: f53fa70bb1bd24b41af06f178beca585fd58b74340337db648c52b05d0597160
                                                                                          • Opcode Fuzzy Hash: da55ee8a73fafe8b9f53e1a3dbc49f9b19152d40b92d57ca7b711d0715701e8f
                                                                                          • Instruction Fuzzy Hash: DD313BB1D01249EFCB04DF98D891BDEBBB5FB48314F10815EE815AB381D7785A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00516980 Relevance: 6.1, APIs: 4, Instructions: 81memoryCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005169C7
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005169E3
                                                                                          • _DebugHeapAllocator.LIBCPMTD ref: 005169FF
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                                            • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                                          • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,?,?,?,?,?,?,?,00000000,00000000,00000002,F30A7BBC,004DDA71,?), ref: 00516A2F
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocatorDebugHeap$Image@@
                                                                                          • String ID:
                                                                                          • API String ID: 830327240-0
                                                                                          • Opcode ID: f8d3b4186855720ba43762851e5f979e0782114d3b039e5921193a837ea4e252
                                                                                          • Instruction ID: 3a136fa6088f2872096dbec10cacdef4b58998306991b554cfa6aca1869093a7
                                                                                          • Opcode Fuzzy Hash: f8d3b4186855720ba43762851e5f979e0782114d3b039e5921193a837ea4e252
                                                                                          • Instruction Fuzzy Hash: E13158B0D01209EFCB04DFA8D892BDEBBB5AB08304F10815EF815AB381C7785A04CBA5
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00444890 Relevance: 6.1, APIs: 4, Instructions: 70threadCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • Concurrency::details::UMSFreeThreadProxyFactory::~UMSFreeThreadProxyFactory.LIBCMTD ref: 004448E4
                                                                                          • Concurrency::details::UMSFreeThreadProxyFactory::~UMSFreeThreadProxyFactory.LIBCMTD ref: 004448F6
                                                                                          • Concurrency::details::UMSFreeThreadProxyFactory::~UMSFreeThreadProxyFactory.LIBCMTD ref: 00444908
                                                                                          • std::bad_exception::~bad_exception.LIBCMTD ref: 0044491A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: FreeProxyThread$Concurrency::details::FactoryFactory::~$std::bad_exception::~bad_exception
                                                                                          • String ID:
                                                                                          • API String ID: 1937181588-0
                                                                                          • Opcode ID: 2020b2b4312f9dcb34d999f8af1e6eb3dd29b8d6f0691a2ef32f8d24e64a2e1d
                                                                                          • Instruction ID: e0c3bd6ee7228edd53008be3275a285b288db56f9285383d000a25da0430a412
                                                                                          • Opcode Fuzzy Hash: 2020b2b4312f9dcb34d999f8af1e6eb3dd29b8d6f0691a2ef32f8d24e64a2e1d
                                                                                          • Instruction Fuzzy Hash: E6318170A09599DBDF05DBD8DC217AEBB78BF02308F54455DE4512B3C2CA7C2A00C759
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004EEA40 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 62COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ??2@sprintf
                                                                                          • String ID: Profile$version
                                                                                          • API String ID: 3739398110-358465031
                                                                                          • Opcode ID: d5ebb744dc8bec85befad5f7505b5ac1e24b4d4c9b255de9394fadf2dc6f242e
                                                                                          • Instruction ID: 508b1ffcde084c79323d8424378ac92a17bb17f6ded174fafc4bd5a6a7d7228c
                                                                                          • Opcode Fuzzy Hash: d5ebb744dc8bec85befad5f7505b5ac1e24b4d4c9b255de9394fadf2dc6f242e
                                                                                          • Instruction Fuzzy Hash: 4021E2B0E006489BCB04DFD9D955BAEBBB5FB88710F10412AE51AAB381DB786A04CB55
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00446480 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetTopWindow.USER32(?), ref: 0044648F
                                                                                          • GetWindow.USER32(00000000,00000002), ref: 004464A0
                                                                                          • SendMessageW.USER32(00000000,?,?,?), ref: 004464BF
                                                                                          • GetTopWindow.USER32(00000000), ref: 004464CF
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$MessageSend
                                                                                          • String ID:
                                                                                          • API String ID: 1496643700-0
                                                                                          • Opcode ID: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
                                                                                          • Instruction ID: 5599d8aec985cfa69e8589d1268fc08193e69a2bbc754be235a44f600a99598a
                                                                                          • Opcode Fuzzy Hash: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
                                                                                          • Instruction Fuzzy Hash: 9411FA75A00208FFDB04DFE8D944EAE77B9AB88300F10855EFA0697390D734AE05DB69
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004223E0 Relevance: 6.0, APIs: 4, Instructions: 43windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCR80 ref: 00422406
                                                                                            • Part of subcall function 004232A0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004232B6
                                                                                          • wcslen.MSVCR80 ref: 00422427
                                                                                          • SendMessageW.USER32(?,0000104D,00000000,00000000), ref: 00422448
                                                                                          • SendMessageW.USER32(?,0000100F,?,00000000), ref: 00422460
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSend$memsetwcslen
                                                                                          • String ID:
                                                                                          • API String ID: 1629969563-0
                                                                                          • Opcode ID: 27b4e246d41088bd54c352e73dc6f3ec4014a33d544db1ace6c82cc66d73829c
                                                                                          • Instruction ID: fd28faf10420b3e9cf0d4e7cd47fee78e406ddaa3a8982db2d9a389e17546391
                                                                                          • Opcode Fuzzy Hash: 27b4e246d41088bd54c352e73dc6f3ec4014a33d544db1ace6c82cc66d73829c
                                                                                          • Instruction Fuzzy Hash: F901E9B1D00208EBEB14DFD0EC8ABDEBBB5BB58704F044118F601AB391DB75A9058B95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041E370 Relevance: 6.0, APIs: 4, Instructions: 31COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MetricsSystem
                                                                                          • String ID:
                                                                                          • API String ID: 4116985748-0
                                                                                          • Opcode ID: 22b1d73353d5bc3e7bbfce1216fdfc9bbe2c5f0851a8470d3ca0ef857e634515
                                                                                          • Instruction ID: 0309d501508c84c491e30ef2097f10fb6b95fe06418acfa07dbdd42ca1e239de
                                                                                          • Opcode Fuzzy Hash: 22b1d73353d5bc3e7bbfce1216fdfc9bbe2c5f0851a8470d3ca0ef857e634515
                                                                                          • Instruction Fuzzy Hash: 69018078E00209AFE704DF94E8499ACBBB1FF58300F1482AAEE5997781DB702A54DB45
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00488730 Relevance: 6.0, APIs: 4, Instructions: 23COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488724,F30A7BBC,0049A100,F30A7BB8,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?), ref: 00488737
                                                                                          • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488724,F30A7BBC,0049A100,F30A7BB8,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?,0049A100), ref: 00488742
                                                                                          • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,?,?,00488724,F30A7BBC,0049A100,F30A7BB8,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488759
                                                                                          • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488724,F30A7BBC,0049A100,F30A7BB8,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488766
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$??4?$basic_string@_?erase@?$basic_string@_V01@V01@@V12@
                                                                                          • String ID:
                                                                                          • API String ID: 3537912873-0
                                                                                          • Opcode ID: 5056e8f042ebb5b06e388abe9d7013084b117bbf253dc20301d42485009f9af0
                                                                                          • Instruction ID: 68c4d93e9c4a580dced358607109a40fa72366f08dc93a0fa3c65411e4fd161c
                                                                                          • Opcode Fuzzy Hash: 5056e8f042ebb5b06e388abe9d7013084b117bbf253dc20301d42485009f9af0
                                                                                          • Instruction Fuzzy Hash: 6CE01235200108AFEB14EF54EC58D99777BFB98391F008125FA0A8B362DB30AD44DB94
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041E140 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 98COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                                            • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                                            • Part of subcall function 0041A3B0: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                                            • Part of subcall function 0041DE10: ??_V@YAXPAX@Z.MSVCR80 ref: 0041DE55
                                                                                            • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                                            • Part of subcall function 0041AA40: GetWindowLongW.USER32(?,F30A7BBC), ref: 0041AA51
                                                                                            • Part of subcall function 0041E880: SetWindowLongW.USER32(F30A7BBC,00000001,F30A7BBC), ref: 0041E895
                                                                                          • SetLayeredWindowAttributes.USER32(?,00000000,000000B2,00000002,000000EC,00000000,000000EC,0000000A,0000000A,0000002D,00000014,00000001,Apply the selection,button,00000000,F30A7BBC), ref: 0041E1F1
                                                                                            • Part of subcall function 0041E8B0: MoveWindow.USER32(?,?,00000000,?,00000000,00000001,-00000003,?,0041E25F,?,00000001,?,?), ref: 0041E8E7
                                                                                            • Part of subcall function 0041E370: GetSystemMetrics.USER32 ref: 0041E37B
                                                                                            • Part of subcall function 0041E370: GetSystemMetrics.USER32 ref: 0041E386
                                                                                            • Part of subcall function 0041E370: GetSystemMetrics.USER32 ref: 0041E391
                                                                                            • Part of subcall function 0041E370: GetSystemMetrics.USER32 ref: 0041E3A2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$AllocatorDebugHeapMetricsSystem$LongMove$AttributesImage@@ItemLayeredLoad@
                                                                                          • String ID: Apply the selection$button
                                                                                          • API String ID: 70508497-2603280126
                                                                                          • Opcode ID: 325f42cf690be37cc5bd74bc9656fe42c8c439b5651ae68e07e9d9de847688b4
                                                                                          • Instruction ID: 04a5c8e6f4919bc5989b0440a3589c8b02fa676512b2dbfed97fa3f5bca5e94e
                                                                                          • Opcode Fuzzy Hash: 325f42cf690be37cc5bd74bc9656fe42c8c439b5651ae68e07e9d9de847688b4
                                                                                          • Instruction Fuzzy Hash: 6D310B70A40208ABDB08EBA5DD92FADB775AF44718F10011EF502A72D2DB797941CB59
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 0041EED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetSystemMetrics.USER32 ref: 0041EEDD
                                                                                            • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                                            • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                            • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                                            • Part of subcall function 00406670: GetWindowRect.USER32 ref: 004066C0
                                                                                            • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                            • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                            • Part of subcall function 00406640: GetDlgItem.USER32 ref: 00406651
                                                                                            • Part of subcall function 00408120: ??_V@YAXPAX@Z.MSVCR80 ref: 0040815C
                                                                                            • Part of subcall function 00408120: lstrlenW.KERNEL32(0040641C,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 00408172
                                                                                            • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                                          • MoveWindow.USER32(00000000,00000000,00000001,000000E7,0000005F,00000048,00000017,00000001,00000113,00000034,000000C6,00000017,00000001,http://www.manycam.com/codec,00000000,00000211), ref: 0041EF99
                                                                                          Strings
                                                                                          • http://www.manycam.com/codec, xrefs: 0041EF48
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: Window$MoveParentSystem$InfoItemLongMetricsParametersRectlstrlen
                                                                                          • String ID: http://www.manycam.com/codec
                                                                                          • API String ID: 3918154117-1165702928
                                                                                          • Opcode ID: 3c772632c4e0218f7060b3e77bd1fd24f4dad1a2c19bf84bf2807e60cca908d2
                                                                                          • Instruction ID: 149f93423e983da9d283a3b54f422c1b69b7f72d1b3e7c1b80e5497dd6e0fc8b
                                                                                          • Opcode Fuzzy Hash: 3c772632c4e0218f7060b3e77bd1fd24f4dad1a2c19bf84bf2807e60cca908d2
                                                                                          • Instruction Fuzzy Hash: 5C110D70B802096BFB18E7A5CC67FBE7225AF44708F00042DB717BA2C2DAB96520865D
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004C4AC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000,00000000), ref: 004C4AD1
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000), ref: 004C4AEE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: X?S
                                                                                          • API String ID: 3215553584-928156776
                                                                                          • Opcode ID: 300afce18172fda367b1e5a93a3139029df3230341556c5fc4a0edfbb8e029cc
                                                                                          • Instruction ID: 6e252d52473bf057cc5c9ab3544af976a75f27afc912d5b1b1ccf3972680467b
                                                                                          • Opcode Fuzzy Hash: 300afce18172fda367b1e5a93a3139029df3230341556c5fc4a0edfbb8e029cc
                                                                                          • Instruction Fuzzy Hash: 7B214178E00204EFCB44EFA5C6A0E6FBB75AF89315B14819EE4055B311D738EE41CBA8
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00490E90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6,000000FF), ref: 00490EA1
                                                                                          • _invalid_parameter_noinfo.MSVCR80(00000003,?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6), ref: 00490EBE
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: _1I
                                                                                          • API String ID: 3215553584-1375489561
                                                                                          • Opcode ID: f8a0f0cd8858169583a3bfb7bac23ac9426c047314b7327a1f008bdd9c0947f0
                                                                                          • Instruction ID: 39ed61a2cd6add22cacd6874f090497504692926125bc87bb284fc13d1f3f6b2
                                                                                          • Opcode Fuzzy Hash: f8a0f0cd8858169583a3bfb7bac23ac9426c047314b7327a1f008bdd9c0947f0
                                                                                          • Instruction Fuzzy Hash: 12213E74A00204EFCF04EFA5C58086EBF76AF89315B1489AEE4459B305CB38EA41CBA4
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004AE2E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE2EF
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE32B
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: CJ
                                                                                          • API String ID: 3215553584-1577928124
                                                                                          • Opcode ID: 70cad1bad6b93677a8aa04d1a4551bdbb9f1c5421a9a58d61efe08efc66d9194
                                                                                          • Instruction ID: 1e5a07180b79b9d77b03a7b872fd22e8548e40f80d8fa90e55785185c90aae0e
                                                                                          • Opcode Fuzzy Hash: 70cad1bad6b93677a8aa04d1a4551bdbb9f1c5421a9a58d61efe08efc66d9194
                                                                                          • Instruction Fuzzy Hash: A401D731600008DFCB08DF59D694A6EFBB6EF66301F258199E9069B355C734AE50DB88
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004E29E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E29EF
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E2A25
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: CN
                                                                                          • API String ID: 3215553584-3860229782
                                                                                          • Opcode ID: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                                          • Instruction ID: 055c263bba3631ac84532d8d275a506bca3ff744e03e32cc4505f628b268f32f
                                                                                          • Opcode Fuzzy Hash: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                                          • Instruction Fuzzy Hash: 6D110234A00049EFCB14DF45C280DADB7B6FB99305B25C299E8068B315DB31AF46DB84
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00412C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C2F
                                                                                          • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C65
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: _invalid_parameter_noinfo
                                                                                          • String ID: C A
                                                                                          • API String ID: 3215553584-432193327
                                                                                          • Opcode ID: dd3759dd0edff71de197c755aad0b75e312425a4acb4d65829b04bcd21f34736
                                                                                          • Instruction ID: d50c8c72ee7c7c5e73367f5c550ec2d48e9c8be17f747839894a4a99daa275eb
                                                                                          • Opcode Fuzzy Hash: dd3759dd0edff71de197c755aad0b75e312425a4acb4d65829b04bcd21f34736
                                                                                          • Instruction Fuzzy Hash: 0E01E931600008DFCB08CF48D7D49ADFBB6EF69345B668199E5069B315D730EE90DB98
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 004228B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • GetCursorInfo.USER32(00000014), ref: 004228C4
                                                                                          • ScreenToClient.USER32 ref: 004228D5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: ClientCursorInfoScreen
                                                                                          • String ID: (B
                                                                                          • API String ID: 1381309574-891251851
                                                                                          • Opcode ID: 183b5d1f9ba3f3a11c0528ae00216a5e4976ffd3210267904aec7597f6dd3387
                                                                                          • Instruction ID: 56ec9ec03ba55985748cef6039b39fbaea006a6cc74428b082933960e72c1f85
                                                                                          • Opcode Fuzzy Hash: 183b5d1f9ba3f3a11c0528ae00216a5e4976ffd3210267904aec7597f6dd3387
                                                                                          • Instruction Fuzzy Hash: 89F0ECB5A00209AFCB04DF98D985C9EBBB9FF88310F10C158FA49A7350D730EA45DB91
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%

                                                                                          Function 00452560 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 27windowCOMMON
                                                                                          Download Yara Rule
                                                                                          APIs
                                                                                          • memset.MSVCR80 ref: 00452578
                                                                                          • SendMessageW.USER32(00000000,0000102B,00000003,00000000), ref: 0045259F
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000009.00000002.238651849.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                          • Associated: 00000009.00000002.238648500.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238673056.000000000053B000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238679760.0000000000595000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238682496.000000000059B000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238684990.000000000059C000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                          • Associated: 00000009.00000002.238687677.00000000005A4000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_9_2_400000_ManyCam.jbxd
                                                                                          Similarity
                                                                                          • API ID: MessageSendmemset
                                                                                          • String ID: sF
                                                                                          • API String ID: 568519121-1799171085
                                                                                          • Opcode ID: 4f7f968d2f1bddc4f09a461e00c76bc8674273fced99d0374c36e351c40e598a
                                                                                          • Instruction ID: 820b5049f95e3a72b0bc4be9787ca9bc2384040a12e4f1db62f2bb420236fa95
                                                                                          • Opcode Fuzzy Hash: 4f7f968d2f1bddc4f09a461e00c76bc8674273fced99d0374c36e351c40e598a
                                                                                          • Instruction Fuzzy Hash: BEF07AB5D44208ABDB14DF94E885EDEB779BB58700F008119F915A7380E770A9158B95
                                                                                          Uniqueness

                                                                                          Uniqueness Score: -1.00%