Windows Analysis Report
5gzbR4Yqta.msi

Overview

General Information

Sample name: 5gzbR4Yqta.msi (renamed because original name is a hash value)
Original sample name: 5c1917c63fc09983d5f31cb7278122405f28364b93956a96cf635e52f7381f2a.msi
Analysis ID: 1562405
MD5: 8f6e7e5f41552fdeef42a6da33ebaf48
SHA1: c471d1fba01849aa37bd587613246f1b6c0bb62e
SHA256: 5c1917c63fc09983d5f31cb7278122405f28364b93956a96cf635e52f7381f2a
Tags: msiSoftwareSupportApSuser-JAMESWT_MHT

Detection

Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Found pyInstaller with non standard icon
Injects code into the Windows Explorer (explorer.exe)
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Launches processes in debugging mode, may be used to hinder debugging
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 4616 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\5gzbR4Yqta.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 5044 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • ManyCam.exe (PID: 6452 cmdline: "C:\Users\user\AppData\Local\Paperback\ManyCam.exe" MD5: BA699791249C311883BAA8CE3432703B)
      • pcaui.exe (PID: 1908 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Paperback\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)
      • ManyCam.exe (PID: 3924 cmdline: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe MD5: BA699791249C311883BAA8CE3432703B)
        • pcaui.exe (PID: 5616 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)
        • installer.exe (PID: 6204 cmdline: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe MD5: EC365EBEE931D7E4F59FFBE5099E0BAF)
          • installer.exe (PID: 6812 cmdline: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe MD5: EC365EBEE931D7E4F59FFBE5099E0BAF)
        • cmd.exe (PID: 6544 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 6288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • explorer.exe (PID: 3172 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: DD6597597673F72E10C9DE7901FBA0A8)
  • cleanup
No configs have been found
No yara matches
Source: Process started, Author: Furkan CALISKAN, @caliskanfurkan_, @oscd_initiative, Data: Command: C:\Windows\SysWOW64\explorer.exe, CommandLine: C:\Windows\SysWOW64\explorer.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\explorer.exe, NewProcessName: C:\Windows\SysWOW64\explorer.exe, OriginalFileName: C:\Windows\SysWOW64\explorer.exe, ParentCommandLine: C:\Windows\SysWOW64\cmd.exe, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6544, ParentProcessName: cmd.exe, ProcessCommandLine: C:\Windows\SysWOW64\explorer.exe, ProcessId: 3172, ProcessName: explorer.exe
No Suricata rule has matched

AV Detection

Source: C:\Users\user\AppData\Local\Temp\uxmnjbxxdjlw, Avira: detection malicious, Label: HEUR/AGEN.1351777
Source: C:\Users\user\AppData\Local\Temp\uxmnjbxxdjlw, ReversingLabs: Detection: 47%
Source: Submitted sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\uxmnjbxxdjlw, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: C:\Windows\System32\msiexec.exe, File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe, Code function: 3_2_004164A0 lstrlenW, FindFirstFileW, GetFullPathNameW, SetLastError
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe, Code function: 5_2_004164A0 lstrlenW, FindFirstFileW, GetFullPathNameW, SetLastError
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe, Code function: 3_2_00BC8AFD 4x nop then push ecx
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe, Code function: 5_2_004CA4F0 InternetOpenW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, InternetReadFile, _DebugHeapAllocator, _DebugHeapAllocator, _DebugHeapAllocator, _DebugHeapAllocator, _DebugHeapAllocator, IsWindow, PostMessageW, InternetCloseHandle, InternetCloseHandle, InternetCloseHandle
Source: installer.exe, 00000007.00000003.2267726171.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2265593912.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2264361513.000001AFA22F6000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2262127297.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2262503388.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2267913719.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2262967091.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2262293424.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2263194371.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2262783264.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2264361513.000001AFA22FC000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 00000007.00000003.2266388643.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
Source: ManyCam.exe, 00000003.00000002.2240916689.00000000081D6000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2291510666.0000000007F37000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2384183978.0000000005660000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2386596647.0000000004C71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.info-zip.org/
Source: ManyCam.exe, ManyCam.exe, 00000005.00000000.2230252938.00000000005A4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.manycam.com
Source: ManyCam.exe, ManyCam.exe, 00000005.00000000.2230252938.00000000005A4000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.manycam.com/codec
Source: ManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.manycam.com/codecVerdanaThis
Source: ManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.manycam.com/codecVerdanaTo
Source: ManyCam.exeString found in binary or memory: http://www.manycam.com/help/effects/snapshot/
Source: ManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.manycam.com/help/effects/snapshot/these
Source: ManyCam.exe, 00000003.00000003.2219568773.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000003.2220921626.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000003.2218843427.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.manycam.com0
Source: ManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpString found in binary or memory: http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchor
Source: installer.exe, 0000000A.00000003.2278269937.000001B49C024000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2404656358.000001B49C240000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2397330210.000001B49BFF5000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398457424.000001B49C00F000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2277425378.000001B49BFF5000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2399408842.000001B49C021000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2278755108.000001B49C029000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2278065850.000001B49C022000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2400592770.000001B49C02B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2397821548.000001B49C00D000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2278177514.000001B49C029000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2396761102.000001B49BFF5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/howto/mro.html.
Source: installer.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: installer.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: installer.exe, 0000000A.00000002.2403277295.000001B49BC84000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: installer.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: installer.exe, 0000000A.00000002.2403277295.000001B49BC84000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: installer.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: installer.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: installer.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: installer.exe, 0000000A.00000002.2403065297.000001B49A220000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401621201.000001B49A21B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398326366.000001B49A1FC000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401482563.000001B49A217000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398092111.000001B49A1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: installer.exe, 0000000A.00000003.2398203891.000001B49BF4A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2403065297.000001B49A220000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401621201.000001B49A21B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398326366.000001B49A1FC000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401482563.000001B49A217000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398280829.000001B49BF51000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398092111.000001B49A1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: installer.exe, 0000000A.00000002.2403277295.000001B49BC84000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: installer.exe, 0000000A.00000002.2403547605.000001B49BF52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: installer.exe, 0000000A.00000003.2398203891.000001B49BF4A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2403065297.000001B49A220000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401621201.000001B49A21B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398326366.000001B49A1FC000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401482563.000001B49A217000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398280829.000001B49BF51000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398092111.000001B49A1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: installer.exe, 0000000A.00000003.2398203891.000001B49BF4A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2403065297.000001B49A220000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401621201.000001B49A21B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398326366.000001B49A1FC000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401482563.000001B49A217000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398280829.000001B49BF51000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398092111.000001B49A1E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: installer.exe, 0000000A.00000002.2404892860.000001B49C368000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2274781099.000001B49A229000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0205/
Source: installer.exe, 0000000A.00000002.2411705626.00007FFD93148000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: installer.exe, 0000000A.00000002.2411705626.00007FFD93148000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeCode function: 5_2_0049D750 GetDC,GetClientRect,CreateCompatibleDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,CreateCompatibleBitmap,SelectObject,GetSysColor,CreateSolidBrush,FillRect,DeleteObject,SelectObject,SelectObject,SelectObject,SelectObject,BitBlt,SelectObject,BitBlt,BitBlt,BitBlt,SelectObject,SelectObject,DeleteObject,DeleteDC,DeleteDC,ReleaseDC,5_2_0049D750
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeCode function: 5_2_004DA090: DeviceIoControl,5_2_004DA090
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\508d08.msi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\inprogressinstallinfo.ipi
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\SourceHash{8FDAC961-4331-4F87-AE19-F0EC94E6C651}
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\MSI91DA.tmp
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\Installer\508d0a.msi
Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\508d0a.msi
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Paperback\CrashRpt.dll C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Paperback\ManyCam.exe 7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeCode function: String function: 00523716 appears 35 times
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeCode function: String function: 00416740 appears 203 times
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeCode function: String function: 0041A3B0 appears 52 times
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeCode function: String function: 00406470 appears 36 times
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeCode function: String function: 004B77A0 appears 115 times
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeCode function: String function: 0040EA00 appears 47 times
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: String function: 00416740 appears 60 times
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: String function: 004B77A0 appears 101 times
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: String function: 004B76D0 appears 36 times
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: String function: 00BC2CB0 appears 121 times
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: String function: 0047BCF0 appears 141 times
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: String function: 00BBB420 appears 79 times
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: String function: 00BBB4C0 appears 176 times
Source: CrashRpt.dll.2.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: CrashRpt.dll.3.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.7.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: classification engineClassification label: mal96.evad.winMSI@19/53@0/0
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: 3_2_004B7920 GetLastError,FormatMessageW,GlobalFree,3_2_004B7920
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeCode function: 5_2_004CD280 SHChangeNotify,CreateToolhelp32Snapshot,Process32FirstW,CloseHandle,CreateToolhelp32Snapshot,Module32FirstW,CloseHandle,Module32NextW,CloseHandle,Process32NextW,CloseHandle,5_2_004CD280
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: 3_2_004B2100 CoCreateInstance,3_2_004B2100
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeCode function: 3_2_00488A00 FindResourceW,GetLastError,SizeofResource,GetLastError,GetLastError,3_2_00488A00
Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\CML9209.tmp
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6288:120:WilError_03
Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DFFFDF796510B0FF2E.TMP
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\System32\msiexec.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: 5gzbR4Yqta.msiStatic file information: TRID: Microsoft Windows Installer (60509/1) 88.31%
Source: unknownProcess created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\5gzbR4Yqta.msi"
Source: unknownProcess created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exeProcess created: C:\Users\user\AppData\Local\Paperback\ManyCam.exe "C:\Users\user\AppData\Local\Paperback\ManyCam.exe"
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Paperback\ManyCam.exe"
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exeProcess created: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeProcess created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe"
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeProcess created: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exeProcess created: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srpapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: textinputframework.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: coreuicomponents.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: coremessaging.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wintypes.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: propsys.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: textshaping.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msihnd.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: apphelp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: aclayers.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sfc_os.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: msi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: tsappcmp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: userenv.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: profapi.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netapi32.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: wkscli.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: netutils.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: srclient.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: spp.dll
Source: C:\Windows\System32\msiexec.exeSection loaded: powrprof.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vssapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vsstrace.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: umpdc.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: wldp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptsp.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rsaenh.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cryptbase.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: msisip.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: gpapi.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ncrypt.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: ntasn1.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: cximagecrt.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: cxcore099.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: cv099.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: highgui099.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: crashrpt.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: opengl32.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: glu32.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: glu32.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: avifil32.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: avicap32.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: msvfw32.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: msvfw32.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: pla.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: pdh.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: tdh.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Section loaded: ntmarta.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: apphelp.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: pcaui.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: dui70.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: wer.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: cximagecrt.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: cxcore099.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: cv099.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: highgui099.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: crashrpt.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: opengl32.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: glu32.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: glu32.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: cxcore099.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: avifil32.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: avicap32.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: msvfw32.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: msacm32.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: msvfw32.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: winmmbase.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: pla.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: pdh.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: tdh.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: cabinet.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: wevtapi.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: shdocvw.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: winhttp.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: apphelp.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: pcaui.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: dui70.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: wer.dll
Source: C:\Windows\System32\pcaui.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: vcruntime140.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: python3.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: libffi-8.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: textshaping.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: textinputframework.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: coreuicomponents.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: coremessaging.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Section loaded: wintypes.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: aepic.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: twinapi.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: powrprof.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: dxgi.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: propsys.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: coremessaging.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: urlmon.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wtsapi32.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wininet.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: uxtheme.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: dwmapi.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: twinapi.appcore.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: iertutil.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: umpdc.dll
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: shdocvw.dll
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: 5gzbR4Yqta.msi | Static file information: File size 36790272 > 1048576
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb0 source: ManyCam.exe, 00000003.00000003.2219568773.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000002.2247173317.0000000010062000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: installer.exe, 00000007.00000003.2267726171.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb source: ManyCam.exe, 00000003.00000003.2219568773.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000002.2247173317.0000000010062000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: installer.exe, 00000007.00000003.2267913719.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: installer.exe, 0000000A.00000002.2413898605.00007FFDA3843000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: installer.exe, 00000007.00000003.2262783264.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8` source: ManyCam.exe, 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 00000003.00000003.2220115648.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2276932449.0000000000BDD000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: installer.exe, 00000007.00000003.2262967091.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdb source: ManyCam.exe, 00000003.00000002.2234003884.00000000012D1000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000003.00000003.2219520570.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2278191006.0000000001881000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: wntdll.pdbUGP source: ManyCam.exe, 00000003.00000002.2234400177.0000000001E47000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000002.2245967008.000000000AAC0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2299074092.000000000A88E000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2298055422.000000000A17E000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2298457295.000000000A4D0000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2383787292.0000000005309000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2387501026.0000000007890000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2389236359.0000000006EA0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2386430551.0000000004916000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: ManyCam.exe, 00000003.00000002.2234400177.0000000001E47000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000002.2245967008.000000000AAC0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2299074092.000000000A88E000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2298055422.000000000A17E000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2298457295.000000000A4D0000.00000004.00000800.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2383787292.0000000005309000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2387501026.0000000007890000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2389236359.0000000006EA0000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2386430551.0000000004916000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: installer.exe, 00000007.00000003.2262967091.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: installer.exe, 00000007.00000003.2262127297.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb source: ManyCam.exe, 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 00000003.00000003.2220115648.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2276932449.0000000000BDD000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: installer.exe, 00000007.00000003.2261921946.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2414079955.00007FFDA3AF4000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: installer.exe, 00000007.00000003.2261921946.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2414079955.00007FFDA3AF4000.00000002.00000001.01000000.00000014.sdmp
Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdbu source: ManyCam.exe, 00000003.00000002.2234003884.00000000012D1000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 00000003.00000003.2219520570.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2278191006.0000000001881000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: c:\Program Files\OpenCV\bin\cv099.pdb source: ManyCam.exe, 00000003.00000002.2234188136.000000000139F000.00000002.00000001.01000000.00000008.sdmp, ManyCam.exe, 00000003.00000003.2219203725.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2277807566.00000000017AF000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: d:\branch_2.5\Bin\CrashRpt.pdb source: ManyCam.exe, 00000003.00000002.2234624642.0000000002012000.00000002.00000001.01000000.00000006.sdmp, ManyCam.exe, 00000003.00000003.2218843427.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2278984874.0000000002012000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: d:\branch_2.5\bin\ManyCam.pdb source: ManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000003.2220921626.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: installer.exe, 00000007.00000003.2263194371.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: installer.exe, 0000000A.00000002.2411705626.00007FFD93148000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: dbghelp.pdb source: ManyCam.exe, 00000003.00000002.2247353981.000000006D511000.00000020.00000001.01000000.00000007.sdmp
Source: VCRUNTIME140.dll.7.dr | Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_0052309D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,3_2_0052309D
Source: cxcore099.dll.3.dr | Static PE information: real checksum: 0xe6401 should be: 0xec813
Source: cxcore099.dll.2.dr | Static PE information: real checksum: 0xe6401 should be: 0xec813
Source: uxmnjbxxdjlw.8.dr | Static PE information: real checksum: 0x0 should be: 0x7b9a8
Source: libcrypto-3.dll.7.dr | Static PE information: section name: .00cfg
Source: python313.dll.7.dr | Static PE information: section name: PyRuntim
Source: VCRUNTIME140.dll.7.dr | Static PE information: section name: fothk
Source: VCRUNTIME140.dll.7.dr | Static PE information: section name: _RDATA
Source: uxmnjbxxdjlw.8.dr | Static PE information: section name: .textbss
Source: uxmnjbxxdjlw.8.dr | Static PE information: section name: wpbdfg
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_005242D1 push ecx; ret 3_2_005242E4
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_00BDC355 push ecx; ret 3_2_00BDC368
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Code function: 5_2_005242D1 push ecx; ret 5_2_005242E4

Persistence and Installation Behavior

Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Process created: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\_socket.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\_bz2.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\_ctypes.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\VCRUNTIME140.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | File created: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Paperback\cv099.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | File created: C:\Users\user\AppData\Roaming\Updateultra_4\CrashRpt.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | File created: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Paperback\cximagecrt.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | File created: C:\Users\user\AppData\Roaming\Updateultra_4\cxcore099.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Paperback\cxcore099.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\_hashlib.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\select.pyd
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | File created: C:\Users\user\AppData\Roaming\Updateultra_4\cximagecrt.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\unicodedata.pyd
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | File created: C:\Users\user\AppData\Roaming\Updateultra_4\highgui099.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\_decimal.pyd
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\uxmnjbxxdjlw
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\libffi-8.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Paperback\dbghelp.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | File created: C:\Users\user\AppData\Roaming\Updateultra_4\cv099.dll
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Paperback\CrashRpt.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\python313.dll
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | File created: C:\Users\user\AppData\Roaming\Updateultra_4\dbghelp.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\_lzma.pyd
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Paperback\ManyCam.exe
Source: C:\Windows\System32\msiexec.exe | File created: C:\Users\user\AppData\Local\Paperback\highgui099.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | File created: C:\Users\user\AppData\Local\Temp\_MEI62042\libcrypto-3.dll
Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\uxmnjbxxdjlw

Hooking and other Techniques for Hiding and Protection

Source: C:\Windows\SysWOW64\cmd.exe | Module Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\UXMNJBXXDJLW
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Code function: 5_2_00446050 IsIconic,5_2_00446050
Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\msiexec.exe | Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Process information set: NOGPFAULTERRORBOX
Source: C:\Windows\System32\conhost.exe | Process information set: NOGPFAULTERRORBOX
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Process information set: NOGPFAULTERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | API/Special instruction interceptor: Address: 6CDA7C44
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | API/Special instruction interceptor: Address: 6CDA7C44
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | API/Special instruction interceptor: Address: 6CDA7945
Source: C:\Windows\SysWOW64\cmd.exe | API/Special instruction interceptor: Address: 6CDA3B54
Source: C:\Windows\SysWOW64\explorer.exe | API/Special instruction interceptor: Address: 71A317
Source: cmd.exe, 00000008.00000002.2387805736.0000000007D40000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2386150647.000000000032C000.00000002.00000001.01000000.00000000.sdmp | Binary or memory string: ORIGINALFILENAMECFF EXPLORER.EXE:
Source: cmd.exe, 00000008.00000002.2387805736.0000000007D40000.00000004.00001000.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2386150647.000000000032C000.00000002.00000001.01000000.00000000.sdmp | Binary or memory string: INTERNALNAMECFF EXPLORER.EXE
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\_socket.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\select.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\unicodedata.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\_ctypes.pyd
Source: C:\Windows\SysWOW64\cmd.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\uxmnjbxxdjlw
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\_decimal.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\_bz2.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\python313.dll
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\_lzma.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\_hashlib.pyd
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI62042\libcrypto-3.dll
Source: C:\Windows\System32\msiexec.exe | File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Code function: 5_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError
Source: C:\Windows\System32\msiexec.exe | Process information queried: ProcessInformation
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_0052309D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_00523077 GetProcessHeap,HeapFree
Source: C:\Windows\System32\msiexec.exe | Process created: C:\Users\user\AppData\Local\Paperback\ManyCam.exe "C:\Users\user\AppData\Local\Paperback\ManyCam.exe"
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_00BDBBB6 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Code function: 5_2_0052450F SetUnhandledExceptionFilter

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | NtQuerySystemInformation: Direct from: 0x773763E1
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | NtSetInformationThread: Direct from: 0x6D51245D
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | NtProtectVirtualMemory: Direct from: 0x77377B2E
Source: C:\Windows\SysWOW64\cmd.exe | Memory written: PID: 3172 base: 7179C0 value: 55
Source: C:\Windows\SysWOW64\cmd.exe | Memory written: PID: 3172 base: 2B0000 value: 00
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: NULL target: C:\Windows\SysWOW64\explorer.exe protection: read write
Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Windows\SysWOW64\explorer.exe base: 7179C0
Source: C:\Windows\SysWOW64\cmd.exe | Memory written: C:\Windows\SysWOW64\explorer.exe base: 2B0000
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Process created: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Process created: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\local\paperback\manycam.exe"
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\updateultra_4\manycam.exe"
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Code function: 5_2_00524440 cpuid
Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62042\base_library.zip VolumeInformation
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Queries volume information: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62042 VolumeInformation
Source: C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI62042\_ctypes.pyd VolumeInformation
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_00524748 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter
Source: C:\Users\user\AppData\Local\Paperback\ManyCam.exe | Code function: 3_2_004170D0 memset,GetVersionExW
Source: C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | Code function: 5_2_0050C470 glViewport,glDisable,glLightfv,glLightfv,glLightfv,glEnable,glEnable,glEnable,glShadeModel,glClearColor,glClear,glEnable,glBindTexture,glPixelStorei,glTexSubImage2D,glMatrixMode,glLoadIdentity,glOrtho,glMatrixMode,glLoadIdentity,glBegin,glTexCoord2d,glVertex2d,glTexCoord2d,glVertex2d,glTexCoord2d,glVertex2d,glTexCoord2d,glVertex2d,glEnd,glDisable,glClear,glMatrixMode,glLoadMatrixf,glMatrixMode,glLoadMatrixf,glPushMatrix,glTranslatef,glRotatef,glColor3f,glDisable,glCullFace,gluQuadricOrientation,glPolygonMode,gluQuadricNormals,gluCylinder,glPopMatrix
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 1 Command and Scripting Interpreter | 11 DLL Side-Loading | 311 Process Injection | 21 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Screen Capture | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 1 Disable or Modify Tools | LSASS Memory | 32 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 DLL Side-Loading | 311 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 11 Peripheral Device Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Timestomp | DCSync | 124 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 File Deletion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph ID: 1562405 | Sample: 5gzbR4Yqta.msi | Startdate: 25/11/2024 | Architecture: WINDOWS | Score: 96

Signatures on the sample: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; AI detected suspicious sample

Process tree (from the behavior graph):

  • msiexec.exe
      Dropped: C:\Users\user\AppData\...\highgui099.dll (PE32); C:\Users\user\AppData\...\cximagecrt.dll (PE32); C:\Users\user\AppData\Local\...\cxcore099.dll (PE32); 4 other files (3 malicious)
    • ManyCam.exe
        Dropped: C:\Users\user\AppData\...\highgui099.dll (PE32); C:\Users\user\AppData\...\cximagecrt.dll (PE32); C:\Users\user\AppData\...\cxcore099.dll (PE32); 4 other files (3 malicious)
        Signatures: Switches to a custom stack to bypass stack traces; Found direct / indirect Syscall (likely to bypass EDR)
      • ManyCam.exe
          Dropped: C:\Users\user\AppData\...\installer.exe (PE32+)
          Signatures: Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces; Found direct / indirect Syscall (likely to bypass EDR)
        • installer.exe
            Dropped: C:\Users\user\AppData\...\unicodedata.pyd (PE32+); C:\Users\user\AppData\Local\...\select.pyd (PE32+); C:\Users\user\AppData\Local\...\python313.dll (PE32+); 9 other malicious files
            Signatures: Found pyInstaller with non standard icon
          • installer.exe
        • cmd.exe
            Dropped: C:\Users\user\AppData\Local\...\uxmnjbxxdjlw (PE32)
            Signatures: Injects code into the Windows Explorer (explorer.exe); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Writes to foreign memory regions; 3 other signatures
          • explorer.exe
              Signatures: Switches to a custom stack to bypass stack traces
          • conhost.exe
        • pcaui.exe
      • pcaui.exe
  • msiexec.exe

Source | Detection | Scanner | Label | Link
5gzbR4Yqta.msi | 8% | ReversingLabs

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\uxmnjbxxdjlw | 100% | Avira | HEUR/AGEN.1351777
C:\Users\user\AppData\Local\Temp\uxmnjbxxdjlw | 100% | Joe Sandbox ML
C:\Users\user\AppData\Local\Paperback\CrashRpt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Paperback\ManyCam.exe | 0% | ReversingLabs
C:\Users\user\AppData\Local\Paperback\cv099.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Paperback\cxcore099.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Paperback\cximagecrt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Paperback\dbghelp.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Paperback\highgui099.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\VCRUNTIME140.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\_bz2.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\_ctypes.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\_decimal.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\_hashlib.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\_lzma.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\_socket.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\libcrypto-3.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\libffi-8.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\python313.dll | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\select.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI62042\unicodedata.pyd | 0% | ReversingLabs
C:\Users\user\AppData\Local\Temp\uxmnjbxxdjlw | 47% | ReversingLabs | Win32.Adware.RedCap
C:\Users\user\AppData\Roaming\Updateultra_4\CrashRpt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe | 3% | ReversingLabs
C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\Updateultra_4\cv099.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\Updateultra_4\cxcore099.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\Updateultra_4\cximagecrt.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\Updateultra_4\dbghelp.dll | 0% | ReversingLabs
C:\Users\user\AppData\Roaming\Updateultra_4\highgui099.dll | 0% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://download.manycam.com/effects/%s/%s?v=%s | 0% | Avira URL Cloud | safe
http://download.manycam.com/effects/%s/%s?v=%sBackgroundsDynamicDynamic | 0% | Avira URL Cloud | safe
http://www.manycam.com/help/effects/snapshot/these | 0% | Avira URL Cloud | safe
http://download.manycam.comVerdanaThis | 0% | Avira URL Cloud | safe
http://www.manycam.com0 | 0% | Avira URL Cloud | safe
http://www.manycam.com | 0% | Avira URL Cloud | safe
http://www.manycam.com/codec | 0% | Avira URL Cloud | safe
http://www.manycam.com/codecVerdanaThis | 0% | Avira URL Cloud | safe
http://www.manycam.com/help/effects/snapshot/ | 0% | Avira URL Cloud | safe
http://www.manycam.com/codecVerdanaTo | 0% | Avira URL Cloud | safe
http://download.manycam.com | 0% | Avira URL Cloud | safe
http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchor | 0% | Avira URL Cloud | safe
http://download.manycam.com/effects/%s/%s?v=%sManyCam | 0% | Avira URL Cloud | safe
http://download.manycam.comNew | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
http://download.manycam.com/effects/%s/%s?v=%s | ManyCam.exe | false | Avira URL Cloud: safe | unknown
http://www.manycam.com/codec | ManyCam.exe, ManyCam.exe, 00000005.00000000.2230252938.00000000005A4000.00000002.00000001.01000000.0000000B.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688 | installer.exe, 0000000A.00000002.2403277295.000001B49BC84000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://www.manycam.com/codecVerdanaThis | ManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmp | false | Avira URL Cloud: safe | unknown
https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code | installer.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://manycam.com/help/effects | ManyCam.exe, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmp | false | | high
        https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerinstaller.exe, 0000000A.00000003.2398203891.000001B49BF4A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2403065297.000001B49A220000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401621201.000001B49A21B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398326366.000001B49A1FC000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401482563.000001B49A217000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398280829.000001B49BF51000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398092111.000001B49A1E8000.00000004.00000020.00020000.00000000.sdmpfalse
          high
          https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourceinstaller.exe, 0000000A.00000002.2403277295.000001B49BC84000.00000004.00001000.00020000.00000000.sdmpfalse
            high
            http://download.manycam.com/effects/%s/%s?v=%sBackgroundsDynamicDynamicManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpfalse
            • Avira URL Cloud: safe
            unknown
            http://www.manycam.com/help/effects/snapshot/ManyCam.exefalse
            • Avira URL Cloud: safe
            unknown
            https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduleinstaller.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpfalse
              high
              https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specinstaller.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpfalse
                high
                https://docs.python.org/3/howto/mro.html.installer.exe, 0000000A.00000003.2278269937.000001B49C024000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2404656358.000001B49C240000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2397330210.000001B49BFF5000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398457424.000001B49C00F000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2277425378.000001B49BFF5000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2399408842.000001B49C021000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2278755108.000001B49C029000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2278065850.000001B49C022000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2400592770.000001B49C02B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2397821548.000001B49C00D000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2278177514.000001B49C029000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2396761102.000001B49BFF5000.00000004.00000020.00020000.00000000.sdmpfalse
                  high
                  https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_packageinstaller.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpfalse
                    high
                    https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesinstaller.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpfalse
                      high
                      https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#installer.exe, 0000000A.00000003.2398203891.000001B49BF4A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2403065297.000001B49A220000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401621201.000001B49A21B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398326366.000001B49A1FC000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401482563.000001B49A217000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398280829.000001B49BF51000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398092111.000001B49A1E8000.00000004.00000020.00020000.00000000.sdmpfalse
                        high
                        https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_datainstaller.exe, 0000000A.00000002.2403065297.000001B49A220000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401621201.000001B49A21B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398326366.000001B49A1FC000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401482563.000001B49A217000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398092111.000001B49A1E8000.00000004.00000020.00020000.00000000.sdmpfalse
                          high
                          http://www.manycam.comManyCam.exe, ManyCam.exe, 00000005.00000000.2230252938.00000000005A4000.00000002.00000001.01000000.0000000B.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_moduleinstaller.exe, 0000000A.00000002.2403277295.000001B49BC84000.00000004.00001000.00020000.00000000.sdmpfalse
                            high
                            https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_syinstaller.exe, 0000000A.00000003.2398203891.000001B49BF4A000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000002.2403065297.000001B49A220000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401621201.000001B49A21B000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398326366.000001B49A1FC000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2401482563.000001B49A217000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398280829.000001B49BF51000.00000004.00000020.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2398092111.000001B49A1E8000.00000004.00000020.00020000.00000000.sdmpfalse
                              high
                              http://manycam.com/upload_effect?filepath=ManyCam.exefalse
                                high
                                http://www.manycam.com/codecVerdanaToManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.manycam.com/help/effects/snapshot/theseManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://manycam.com/upload_effect?filepath=ManyCamManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpfalse
                                  high
                                  http://www.manycam.com0ManyCam.exe, 00000003.00000003.2219568773.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000003.2220921626.0000000000CA2000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000003.00000003.2218843427.0000000000CA2000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://download.manycam.comVerdanaThisManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.info-zip.org/ManyCam.exe, 00000003.00000002.2240916689.00000000081D6000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000005.00000002.2291510666.0000000007F37000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000008.00000002.2384183978.0000000005660000.00000004.00000800.00020000.00000000.sdmp, explorer.exe, 0000000C.00000002.2386596647.0000000004C71000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    http://cacerts.digiinstaller.exe, 00000007.00000003.2267913719.000001AFA22EF000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      http://download.manycam.comManyCam.exe, ManyCam.exe, 00000005.00000000.2230252938.00000000005A4000.00000002.00000001.01000000.0000000B.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.manycam.comhttp://manycam.com/feedback/?version=%sAnchorManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://download.manycam.com/effects/%s/%s?v=%sManyCamManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://peps.python.org/pep-0205/installer.exe, 0000000A.00000002.2404892860.000001B49C368000.00000004.00001000.00020000.00000000.sdmp, installer.exe, 0000000A.00000003.2274781099.000001B49A229000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        http://download.manycam.comNewManyCam.exe, 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000003.00000000.2198631350.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000005.00000002.2275958976.000000000053B000.00000002.00000001.01000000.0000000B.sdmp, ManyCam.exe, 00000005.00000000.2229869519.000000000053B000.00000002.00000001.01000000.0000000B.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://www.python.org/psf/license/)installer.exe, 0000000A.00000002.2411705626.00007FFD93148000.00000002.00000001.01000000.00000013.sdmpfalse
                                          high
                                          https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyinstaller.exe, 0000000A.00000002.2403547605.000001B49BF52000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            http://manycam.com/feedback/?version=%sManyCam.exefalse
                                              high
                                              https://peps.python.org/pep-0263/installer.exe, 0000000A.00000002.2411705626.00007FFD93148000.00000002.00000001.01000000.00000013.sdmpfalse
                                                high
                                                https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenameinstaller.exe, 0000000A.00000002.2403277295.000001B49BC00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                  high
No contacted IP infos
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1562405
Start date and time: 2024-11-25 15:14:26 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 5gzbR4Yqta.msi
renamed because original name is a hash value
Original Sample Name: 5c1917c63fc09983d5f31cb7278122405f28364b93956a96cf635e52f7381f2a.msi
Detection: MAL
Classification: mal96.evad.winMSI@19/53@0/0
EGA Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 297
Cookbook Comments:
• Found application associated with file extension: .msi
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target ManyCam.exe, PID 3924 because there are no executed function
• Execution Graph export aborted for target ManyCam.exe, PID 6452 because there are no executed function
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• VT rate limit hit for: 5gzbR4Yqta.msi
Time | Type | Description
09:15:30 | API Interceptor | 2x Sleep call for process: ManyCam.exe modified
09:15:42 | API Interceptor | 1x Sleep call for process: cmd.exe modified
No context
No context
No context
No context
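Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Local\Paperback\ManyCam.exe | file.exe | Get hash | malicious | Unknown | Browse
C:\Users\user\AppData\Local\Paperback\ManyCam.exe | iieCxV2b1n.msi | Get hash | malicious | RedLine | Browse
C:\Users\user\AppData\Local\Paperback\ManyCam.exe | kvW4hZu9JA.msi | Get hash | malicious | Unknown | Browse
C:\Users\user\AppData\Local\Paperback\ManyCam.exe | PauizRq7By.msi | Get hash | malicious | RHADAMANTHYS | Browse
C:\Users\user\AppData\Local\Paperback\ManyCam.exe | XtDhwVrVKn.exe | Get hash | malicious | Unknown | Browse
C:\Users\user\AppData\Local\Paperback\ManyCam.exe | VqBVE8dJEA.exe | Get hash | malicious | Remcos | Browse
C:\Users\user\AppData\Local\Paperback\CrashRpt.dll | file.exe | Get hash | malicious | Unknown | Browse
C:\Users\user\AppData\Local\Paperback\CrashRpt.dll | iieCxV2b1n.msi | Get hash | malicious | RedLine | Browse
C:\Users\user\AppData\Local\Paperback\CrashRpt.dll | kvW4hZu9JA.msi | Get hash | malicious | Unknown | Browse
C:\Users\user\AppData\Local\Paperback\CrashRpt.dll | PauizRq7By.msi | Get hash | malicious | RHADAMANTHYS | Browse
C:\Users\user\AppData\Local\Paperback\CrashRpt.dll | XtDhwVrVKn.exe | Get hash | malicious | Unknown | Browse
C:\Users\user\AppData\Local\Paperback\CrashRpt.dll | VqBVE8dJEA.exe | Get hash | malicious | Remcos | Browse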
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):9602
                                                                          Entropy (8bit):5.664102537457672
                                                                          Encrypted:false
                                                                          SSDEEP:192:0YX/mH11LxrmBq0qQ/Q2IWeN4eYBINeYBZmyYBE70ept:0Y+H11LxrmBlP/Q2IIeZeyL
                                                                          MD5:FDC3004DB0538C0B2DB19C531669F9DA
                                                                          SHA1:A8DD9DAA0D9F330107D0E31B59D59EEB16899454
                                                                          SHA-256:839CF0772A8BDE1F3FAC7AB5CF4986C8576EBA70EF66E78203DDD525ADC2A272
                                                                          SHA-512:052194A71D3C45B25163FFAFC88F8A4174DCAEEAD77333AB35658C84B8C2C2C667C7BF047E4B60588C34180F97ABA48CF7531209646A0D774CD1E177DD7C2CE3
                                                                          Malicious:false
                                                                          Reputation:low
                                                                          Preview:...@IXOS.@.....@.IyY.@.....@.....@.....@.....@.....@......&.{8FDAC961-4331-4F87-AE19-F0EC94E6C651}..Dollop..5gzbR4Yqta.msi.@.....@.....@.....@........&.{4AFBC8A4-8A74-43B1-94FA-C9401DB1B574}.....@.....@.....@.....@.......@.....@.....@.......@......Dollop......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{5FBFA771-A56F-5BBA-97E6-AE549513CEC3}&.{8FDAC961-4331-4F87-AE19-F0EC94E6C651}.@......&.{64497C92-0CBA-56A8-ABE9-84FBB606A4C1}&.{8FDAC961-4331-4F87-AE19-F0EC94E6C651}.@......&.{C744855E-6043-5234-B976-99FC308C9F9A}&.{8FDAC961-4331-4F87-AE19-F0EC94E6C651}.@......&.{75043D25-E07C-5D72-A242-74304A9551BC}&.{8FDAC961-4331-4F87-AE19-F0EC94E6C651}.@......&.{D203F763-49AD-52E8-92EE-82D3ED45B042}&.{8FDAC961-4331-4F87-AE19-F0EC94E6C651}.@......&.{57D8E57D-B86F-5E6D-82E4-04537329CE68}&.{8FDAC961-4331-4F87-AE19-F0EC94E6C651}.@......&.{4D486063-5478-582E-9B7C-B3E6ED384946}&.{8FDAC961-4331-4F87-AE19-F0E
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):123976
                                                                          Entropy (8bit):6.382577198291231
                                                                          Encrypted:false
                                                                          SSDEEP:3072:fzjKVg7GOfS5SqPcCXA4SQlah+8Z4OAAHWTtopW+Z:fzjKVg7GOESqPcCXxT8hhZ4OAAHW2Wa
                                                                          MD5:B2D1F5E4A1F0E8D85F0A8AEB7B8148C7
                                                                          SHA1:871078213FCC0CE143F518BD69CAA3156B385415
                                                                          SHA-256:C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
                                                                          SHA-512:1F6D97E02CD684CF4F4554B0E819196BD2811E19B964A680332268BCBB6DEE0E17B2B35B6E66F0FE5622DFFB0A734F39F8E49637A38E4FE7F10D3B5182B30260
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: iieCxV2b1n.msi, Detection: malicious, Browse
                                                                          • Filename: kvW4hZu9JA.msi, Detection: malicious, Browse
                                                                          • Filename: PauizRq7By.msi, Detection: malicious, Browse
                                                                          • Filename: XtDhwVrVKn.exe, Detection: malicious, Browse
                                                                          • Filename: VqBVE8dJEA.exe, Detection: malicious, Browse
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1756232
                                                                          Entropy (8bit):6.047140524753333
                                                                          Encrypted:false
                                                                          SSDEEP:49152:wlkcF8MnJ6tdGeHzpNTxlSvQynZAWBM2FU+SrzcBsWLZF5:wlf8MnJ6tdGeHzpNTxlSvfnOWC6U5Ed5
                                                                          MD5:BA699791249C311883BAA8CE3432703B
                                                                          SHA1:F8734601F9397CB5EBB8872AF03F5B0639C2EAC6
                                                                          SHA-256:7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
                                                                          SHA-512:6A0386424C61FBF525625EBE53BB2193ACCD51C2BE9A2527FD567D0A6E112B0D1A047D8F7266D706B726E9C41EA77496E1EDE186A5E59F5311EEEA829A302325
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: file.exe, Detection: malicious, Browse
                                                                          • Filename: iieCxV2b1n.msi, Detection: malicious, Browse
                                                                          • Filename: kvW4hZu9JA.msi, Detection: malicious, Browse
                                                                          • Filename: PauizRq7By.msi, Detection: malicious, Browse
                                                                          • Filename: XtDhwVrVKn.exe, Detection: malicious, Browse
                                                                          • Filename: VqBVE8dJEA.exe, Detection: malicious, Browse
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):679936
                                                                          Entropy (8bit):6.674616014554414
                                                                          Encrypted:false
                                                                          SSDEEP:12288:dHxL34kbwAQR5+ERTJGZfnpyvhZFjtJbPbwQjtX5ooVyPMDFdqvGHjucsEUNwm/7:dzbwAQR57RJGoxjP7/2+HINwwb
                                                                          MD5:2A8B33FEE2F84490D52A3A7C75254971
                                                                          SHA1:16CE2B1632A17949B92CE32A6211296FEE431DCA
                                                                          SHA-256:FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2
                                                                          SHA-512:8DAF104582547D6B3A6D8698836E279D88AD9A870E9FDD66C319ECADA3757A3997F411976461ED30A5D24436BAA7504355B49D4ACEC2F7CDFE10E1E392E0F7FB
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):929792
                                                                          Entropy (8bit):6.883334633428464
                                                                          Encrypted:false
                                                                          SSDEEP:24576:/NzLaQGpXDCfZCgs1ruSteHz3+AbEOyIrbayyw:qmsgUeTOIrbD
                                                                          MD5:304C82D6E1C56029D632A4AE65AE12A2
                                                                          SHA1:1A6C172722502275ACE0B973338E2DCB430BFB6B
                                                                          SHA-256:ED60D9A155D2EEFDF44E0BB4C68E7C809EB46735636AA40E33F429D1B8FF0556
                                                                          SHA-512:6FB92ED569A4032A04FE633709906AD66E99D611502EA86ACE64A6F5B5E64155B9AFD4DC2539B1667A1D54A74567110893C1E4C4B535B214782D415F77AB307D
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):498760
                                                                          Entropy (8bit):6.674124910838454
                                                                          Encrypted:false
                                                                          SSDEEP:12288:fJaqPgrHZx0Cxn0P5ASCH8aH6IAC+tITsQ8p:fkqPgr5x0Cxn0P5ASCH8aaIACDTx8p
                                                                          MD5:C36F6E088C6457A43ADB7EDCD17803F3
                                                                          SHA1:B25B9FB4C10B8421C8762C7E7B3747113D5702DE
                                                                          SHA-256:8E1243454A29998CC7DC89CAECFADC0D29E00E5776A8B5777633238B8CD66F72
                                                                          SHA-512:87CAD4C3059BD7DE02338922CF14E515AF5CAD663D473B19DD66A4C8BEFC8BCE61C9C2B5A14671BC71951FDFF345E4CA7A799250D622E2C9236EC03D74D4FE4E
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):489984
                                                                          Entropy (8bit):6.620591640062086
                                                                          Encrypted:false
                                                                          SSDEEP:6144:p3KP8f7yHkluOutwm5ZNetC5IlhhMUyFWgQK7x5Iz4JxRRAuUzT/9cl84S683WbX:psX5ZNG2y1ycw5IGxRwVc6683WbXn
                                                                          MD5:E458D88C71990F545EF941CD16080BAD
                                                                          SHA1:CD24CCEC2493B64904CF3C139CD8D58D28D5993B
                                                                          SHA-256:5EC121730240548A85B7EF1F7E30D5FDBEE153BB20DD92C2D44BF37395294EC0
                                                                          SHA-512:B1755E3DB10B1D12D6EAFFD1D91F5CA5E0F9F8AE1350675BC44AE7A4AF4A48090A9828A8ACBBC69C5813EAC23E02576478113821CB2E04B6288E422F923B446F
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):397312
                                                                          Entropy (8bit):6.672405371278951
                                                                          Encrypted:false
                                                                          SSDEEP:12288:J+7gXTkVRt1dixRtVq2EjMS2E7ETstO/:JlTeRt1dSzd4MSUTsO/
                                                                          MD5:A354C42FCB37A50ECAD8DDE250F6119E
                                                                          SHA1:0EB4AD5E90D28A4A8553D82CEC53072279AF1961
                                                                          SHA-256:89DB6973F4EC5859792BCD8A50CD10DB6B847613F2CEA5ADEF740EEC141673B2
                                                                          SHA-512:981C82F6334961C54C80009B14A0C2CD48067BAF6D502560D508BE86F5185374A422609C7FDC9A2CDE9B98A7061EFAB7FD9B1F4F421436A9112833122BC35059
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):35300037
                                                                          Entropy (8bit):7.993590761467468
                                                                          Encrypted:true
                                                                          SSDEEP:786432:2NLwr0sbzBDfAezQk/11vDF/8dM+O28ZsaPeB:cLwxfAI/11rF/8dM+O2AsKeB
                                                                          MD5:235A8E0CFA07382C10676DD727B1F99E
                                                                          SHA1:137097420D6D122759892322AFD720D3367D30F8
                                                                          SHA-256:2C75455C3C7869230734FDA328E267D0513928A990110E6902F9B6D6277CE17D
                                                                          SHA-512:E9474A2731D77A73B9F266AF71F967055008BFDDD2ACF361C7615AF1E21D361C80FCEAAD50DBB3854FE5AEC6DF4D04CD17D4EA0C54238FF9D83A0F7C010A2970
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):14275
                                                                          Entropy (8bit):6.08130101423175
                                                                          Encrypted:false
                                                                          SSDEEP:384:1Fx82CSIr8kYHfbG79nLSOtK1PEwQCCoUTFXs23I2n:1FyL8T/bK9nLSOtQDdCoiNs23I2n
                                                                          MD5:EC8BFBC227327AD49E96A308FA6110E5
                                                                          SHA1:5490B9D4578D0360F3532FAE402CC0EF80A40B83
                                                                          SHA-256:8DBCF665222B55ED2C1630F79E7E2DDDB507291ED869529A8D4F300D6995AA94
                                                                          SHA-512:B80FA6A9695C05AE0A25BF6AB1BA7D76CB2DF4F09B1BE3A9B25B48DE1334B537B3C52EA2D9F6DB961F3E9BE421BB6794E122C9FC11A7E00A9B7ED28CAF067B76
                                                                          Malicious:false
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):35813141
                                                                          Entropy (8bit):7.991334359446395
                                                                          Encrypted:true
                                                                          SSDEEP:786432:0HOcT2+0FBk4NTu4L8I1Opn4OfnQRPavy5J/2gqlmvqSzREX98dKO:0uo0jFNTTLvQ4eQh95rj9EX4
                                                                          MD5:3237470922899BDD5741ABC17FDD3EEB
                                                                          SHA1:7323FA314AE53C2B3BB4AA69F8575223EB07B25A
                                                                          SHA-256:4B46FD617621A4CB064BD4A2E5FBB33DBC4F5109A58D519712BBBBA0C2D07189
                                                                          SHA-512:B86B1316919FAE0ADCEF118F88CFB2FF8BF2A9012F9667AE22E7DB872B26F2E883C1DEB2F823F3E5D41FD575994EE216D25B0F2C197753028AAA1EA565177F61
                                                                          Malicious:false
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):120400
                                                                          Entropy (8bit):6.6017475353076716
                                                                          Encrypted:false
                                                                          SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                          MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                          SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                          SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                          SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):84240
                                                                          Entropy (8bit):6.607563436050078
                                                                          Encrypted:false
                                                                          SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                          MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                          SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                          SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                          SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):131344
                                                                          Entropy (8bit):6.311142284249784
                                                                          Encrypted:false
                                                                          SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                          MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                          SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                          SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                          SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):277776
                                                                          Entropy (8bit):6.5855511991551
                                                                          Encrypted:false
                                                                          SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                          MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                          SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                          SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                          SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):64272
                                                                          Entropy (8bit):6.220967684620152
                                                                          Encrypted:false
                                                                          SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                          MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                          SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                          SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                          SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):157968
                                                                          Entropy (8bit):6.854644275249963
                                                                          Encrypted:false
                                                                          SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                          MD5:1BA022D42024A655CF289544AE461FB8
                                                                          SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                          SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                          SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):83728
                                                                          Entropy (8bit):6.331814573029388
                                                                          Encrypted:false
                                                                          SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                          MD5:FE896371430BD9551717EF12A3E7E818
                                                                          SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                          SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                          SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                          Category:dropped
                                                                          Size (bytes):1394456
                                                                          Entropy (8bit):5.531698507573688
                                                                          Encrypted:false
                                                                          SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                          MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                          SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                          SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                          SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                          Malicious:false
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):5232408
                                                                          Entropy (8bit):5.940072183736028
                                                                          Encrypted:false
                                                                          SSDEEP:98304:/V+Qs2NuR5YV0L8PQ1CPwDvt3uFlDC4SC9c:9rs2NuDYV0L841CPwDvt3uFlDC4SCa
                                                                          MD5:123AD0908C76CCBA4789C084F7A6B8D0
                                                                          SHA1:86DE58289C8200ED8C1FC51D5F00E38E32C1AAD5
                                                                          SHA-256:4E5D5D20D6D31E72AB341C81E97B89E514326C4C861B48638243BDF0918CFA43
                                                                          SHA-512:80FAE0533BA9A2F5FA7806E86F0DB8B6AAB32620DDE33B70A3596938B529F3822856DE75BDDB1B06721F8556EC139D784BC0BB9C8DA0D391DF2C20A80D33CB04
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):39696
                                                                          Entropy (8bit):6.641880464695502
                                                                          Encrypted:false
                                                                          SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                          MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                          SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                          SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                          SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):6083856
                                                                          Entropy (8bit):6.126922729922386
                                                                          Encrypted:false
                                                                          SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                          MD5:B9DE917B925DD246B709BB4233777EFD
                                                                          SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                          SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                          SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):30992
                                                                          Entropy (8bit):6.554484610649281
                                                                          Encrypted:false
                                                                          SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                          MD5:20831703486869B470006941B4D996F2
                                                                          SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                          SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                          SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):709904
                                                                          Entropy (8bit):5.861739047785334
                                                                          Encrypted:false
                                                                          SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                          MD5:0902D299A2A487A7B0C2D75862B13640
                                                                          SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                          SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                          SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):458752
                                                                          Entropy (8bit):6.412638738767716
                                                                          Encrypted:false
                                                                          SSDEEP:12288:1O7k28xC7HMDVBjfbL5S6IZ7OGQN/RutyU3ivG/2t9E:+OS6IZ7QN/R8yoaG/y2
                                                                          MD5:64D2E7150CB3DBCD7DC367905EF1C18B
                                                                          SHA1:2446B191712515E4B4B20F92401BA1F8DFB37003
                                                                          SHA-256:D5B59F1AC0B0C17CEF1785D96E565F1E079C24EE56A24E0A206757589DA611C8
                                                                          SHA-512:C1BD44E9DEBD8639306703815A5A4C9951FAD9022623451D2BA4F72FD73C6B1C95273207A211B9CDF3C097AFF0324FE6414B8D39681DE37CA984A6995061AAF7
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: Avira, Detection: 100%
                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                          • Antivirus: ReversingLabs, Detection: 47%
                                                                          Process:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):123976
                                                                          Entropy (8bit):6.382577198291231
                                                                          Encrypted:false
                                                                          SSDEEP:3072:fzjKVg7GOfS5SqPcCXA4SQlah+8Z4OAAHWTtopW+Z:fzjKVg7GOESqPcCXxT8hhZ4OAAHW2Wa
                                                                          MD5:B2D1F5E4A1F0E8D85F0A8AEB7B8148C7
                                                                          SHA1:871078213FCC0CE143F518BD69CAA3156B385415
                                                                          SHA-256:C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
                                                                          SHA-512:1F6D97E02CD684CF4F4554B0E819196BD2811E19B964A680332268BCBB6DEE0E17B2B35B6E66F0FE5622DFFB0A734F39F8E49637A38E4FE7F10D3B5182B30260
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe
                                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):34622092
                                                                          Entropy (8bit):7.9745493825835485
                                                                          Encrypted:false
                                                                          SSDEEP:786432:2xZDp0VT7qQclR8nsXgA5cAol0hDj71FXMb83H/4i:OOPCR8nsFOWl1Fc+
                                                                          MD5:EC365EBEE931D7E4F59FFBE5099E0BAF
                                                                          SHA1:86424ABC0C395AFCA7C286B907B32415B6F19AD3
                                                                          SHA-256:5529466C803325AB176C36082F999562FC1607BA5D2AA518F556D675885DB248
                                                                          SHA-512:D11CE7656030929DE2E198A34B5C0552F65BB8C358C37BA8BEC6C0E7E394F8197AA8D4EDC91A6207FCB049120CA7EE7949F976D4578DAE875F8BD869EA6FA222
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                          Process:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1756232
                                                                          Entropy (8bit):6.047140524753333
                                                                          Encrypted:false
                                                                          SSDEEP:49152:wlkcF8MnJ6tdGeHzpNTxlSvQynZAWBM2FU+SrzcBsWLZF5:wlf8MnJ6tdGeHzpNTxlSvfnOWC6U5Ed5
                                                                          MD5:BA699791249C311883BAA8CE3432703B
                                                                          SHA1:F8734601F9397CB5EBB8872AF03F5B0639C2EAC6
                                                                          SHA-256:7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
                                                                          SHA-512:6A0386424C61FBF525625EBE53BB2193ACCD51C2BE9A2527FD567D0A6E112B0D1A047D8F7266D706B726E9C41EA77496E1EDE186A5E59F5311EEEA829A302325
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):679936
                                                                          Entropy (8bit):6.674616014554414
                                                                          Encrypted:false
                                                                          SSDEEP:12288:dHxL34kbwAQR5+ERTJGZfnpyvhZFjtJbPbwQjtX5ooVyPMDFdqvGHjucsEUNwm/7:dzbwAQR57RJGoxjP7/2+HINwwb
                                                                          MD5:2A8B33FEE2F84490D52A3A7C75254971
                                                                          SHA1:16CE2B1632A17949B92CE32A6211296FEE431DCA
                                                                          SHA-256:FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2
                                                                          SHA-512:8DAF104582547D6B3A6D8698836E279D88AD9A870E9FDD66C319ECADA3757A3997F411976461ED30A5D24436BAA7504355B49D4ACEC2F7CDFE10E1E392E0F7FB
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):929792
                                                                          Entropy (8bit):6.883334633428464
                                                                          Encrypted:false
                                                                          SSDEEP:24576:/NzLaQGpXDCfZCgs1ruSteHz3+AbEOyIrbayyw:qmsgUeTOIrbD
                                                                          MD5:304C82D6E1C56029D632A4AE65AE12A2
                                                                          SHA1:1A6C172722502275ACE0B973338E2DCB430BFB6B
                                                                          SHA-256:ED60D9A155D2EEFDF44E0BB4C68E7C809EB46735636AA40E33F429D1B8FF0556
                                                                          SHA-512:6FB92ED569A4032A04FE633709906AD66E99D611502EA86ACE64A6F5B5E64155B9AFD4DC2539B1667A1D54A74567110893C1E4C4B535B214782D415F77AB307D
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):498760
                                                                          Entropy (8bit):6.674124910838454
                                                                          Encrypted:false
                                                                          SSDEEP:12288:fJaqPgrHZx0Cxn0P5ASCH8aH6IAC+tITsQ8p:fkqPgr5x0Cxn0P5ASCH8aaIACDTx8p
                                                                          MD5:C36F6E088C6457A43ADB7EDCD17803F3
                                                                          SHA1:B25B9FB4C10B8421C8762C7E7B3747113D5702DE
                                                                          SHA-256:8E1243454A29998CC7DC89CAECFADC0D29E00E5776A8B5777633238B8CD66F72
                                                                          SHA-512:87CAD4C3059BD7DE02338922CF14E515AF5CAD663D473B19DD66A4C8BEFC8BCE61C9C2B5A14671BC71951FDFF345E4CA7A799250D622E2C9236EC03D74D4FE4E
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):489984
                                                                          Entropy (8bit):6.620591640062086
                                                                          Encrypted:false
                                                                          SSDEEP:6144:p3KP8f7yHkluOutwm5ZNetC5IlhhMUyFWgQK7x5Iz4JxRRAuUzT/9cl84S683WbX:psX5ZNG2y1ycw5IGxRwVc6683WbXn
                                                                          MD5:E458D88C71990F545EF941CD16080BAD
                                                                          SHA1:CD24CCEC2493B64904CF3C139CD8D58D28D5993B
                                                                          SHA-256:5EC121730240548A85B7EF1F7E30D5FDBEE153BB20DD92C2D44BF37395294EC0
                                                                          SHA-512:B1755E3DB10B1D12D6EAFFD1D91F5CA5E0F9F8AE1350675BC44AE7A4AF4A48090A9828A8ACBBC69C5813EAC23E02576478113821CB2E04B6288E422F923B446F
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):397312
                                                                          Entropy (8bit):6.672405371278951
                                                                          Encrypted:false
                                                                          SSDEEP:12288:J+7gXTkVRt1dixRtVq2EjMS2E7ETstO/:JlTeRt1dSzd4MSUTsO/
                                                                          MD5:A354C42FCB37A50ECAD8DDE250F6119E
                                                                          SHA1:0EB4AD5E90D28A4A8553D82CEC53072279AF1961
                                                                          SHA-256:89DB6973F4EC5859792BCD8A50CD10DB6B847613F2CEA5ADEF740EEC141673B2
                                                                          SHA-512:981C82F6334961C54C80009B14A0C2CD48067BAF6D502560D508BE86F5185374A422609C7FDC9A2CDE9B98A7061EFAB7FD9B1F4F421436A9112833122BC35059
                                                                          Malicious:true
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):35300037
                                                                          Entropy (8bit):7.993590761467468
                                                                          Encrypted:true
                                                                          SSDEEP:786432:2NLwr0sbzBDfAezQk/11vDF/8dM+O28ZsaPeB:cLwxfAI/11rF/8dM+O2AsKeB
                                                                          MD5:235A8E0CFA07382C10676DD727B1F99E
                                                                          SHA1:137097420D6D122759892322AFD720D3367D30F8
                                                                          SHA-256:2C75455C3C7869230734FDA328E267D0513928A990110E6902F9B6D6277CE17D
                                                                          SHA-512:E9474A2731D77A73B9F266AF71F967055008BFDDD2ACF361C7615AF1E21D361C80FCEAAD50DBB3854FE5AEC6DF4D04CD17D4EA0C54238FF9D83A0F7C010A2970
                                                                          Malicious:false
                                                                          Process:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):14275
                                                                          Entropy (8bit):6.08130101423175
                                                                          Encrypted:false
                                                                          SSDEEP:384:1Fx82CSIr8kYHfbG79nLSOtK1PEwQCCoUTFXs23I2n:1FyL8T/bK9nLSOtQDdCoiNs23I2n
                                                                          MD5:EC8BFBC227327AD49E96A308FA6110E5
                                                                          SHA1:5490B9D4578D0360F3532FAE402CC0EF80A40B83
                                                                          SHA-256:8DBCF665222B55ED2C1630F79E7E2DDDB507291ED869529A8D4F300D6995AA94
                                                                          SHA-512:B80FA6A9695C05AE0A25BF6AB1BA7D76CB2DF4F09B1BE3A9B25B48DE1334B537B3C52EA2D9F6DB961F3E9BE421BB6794E122C9FC11A7E00A9B7ED28CAF067B76
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Dollop, Author: Badge Glove, Keywords: Installer, Comments: This installer database contains the logic and data required to install Dollop., Template: Intel;1033, Revision Number: {4AFBC8A4-8A74-43B1-94FA-C9401DB1B574}, Create Time/Date: Fri Nov 22 22:43:30 2024, Last Saved Time/Date: Fri Nov 22 22:43:30 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
                                                                          Category:dropped
                                                                          Size (bytes):36790272
                                                                          Entropy (8bit):7.99948825667642
                                                                          Encrypted:true
                                                                          SSDEEP:786432:cSiMGixH0zs+RFAsCOLTXbr071UEesdqDc+fEv6vh:3b/HGs+KoTXbrE1WLMIh
                                                                          MD5:8F6E7E5F41552FDEEF42A6DA33EBAF48
                                                                          SHA1:C471D1FBA01849AA37BD587613246F1B6C0BB62E
                                                                          SHA-256:5C1917C63FC09983D5F31CB7278122405F28364B93956A96CF635E52F7381F2A
                                                                          SHA-512:8AE02C85DD8A04C0A4DF37D984B6204DD07F52BDDDC4C0746FF030AE4F5A1E4F25E3F461B620CAC2094084A8CD8BEE3F2C1660EBDEE40DE47106DE756202C0CF
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Dollop, Author: Badge Glove, Keywords: Installer, Comments: This installer database contains the logic and data required to install Dollop., Template: Intel;1033, Revision Number: {4AFBC8A4-8A74-43B1-94FA-C9401DB1B574}, Create Time/Date: Fri Nov 22 22:43:30 2024, Last Saved Time/Date: Fri Nov 22 22:43:30 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
                                                                          Category:dropped
                                                                          Size (bytes):36790272
                                                                          Entropy (8bit):7.99948825667642
                                                                          Encrypted:true
                                                                          SSDEEP:786432:cSiMGixH0zs+RFAsCOLTXbr071UEesdqDc+fEv6vh:3b/HGs+KoTXbrE1WLMIh
                                                                          MD5:8F6E7E5F41552FDEEF42A6DA33EBAF48
                                                                          SHA1:C471D1FBA01849AA37BD587613246F1B6C0BB62E
                                                                          SHA-256:5C1917C63FC09983D5F31CB7278122405F28364B93956A96CF635E52F7381F2A
                                                                          SHA-512:8AE02C85DD8A04C0A4DF37D984B6204DD07F52BDDDC4C0746FF030AE4F5A1E4F25E3F461B620CAC2094084A8CD8BEE3F2C1660EBDEE40DE47106DE756202C0CF
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):3706
                                                                          Entropy (8bit):5.579948006389024
                                                                          Encrypted:false
                                                                          SSDEEP:96:lYLz/1oTxQ5mqFqKWuLQK6B+Ek4OB9E43wlwsceYwmBF2OnBe6Vt9+kYNEPXhl:lYX/OxQ5mqFqKnLQK9EkzB9E43wlwsdK
                                                                          MD5:4B352B4C09BB978841C6D6E155FE1DCD
                                                                          SHA1:542943F85EABFA7A28FEF5242C3227403468B872
                                                                          SHA-256:D408484ECB9341265557047CFA708723DC66E447FF7D068CC4CF0C1A4218800B
                                                                          SHA-512:DA301DA3EDE8774F7220B87B41706A34854710140A898EF8C7A6E19FFBD52B5FDDCC228D11D6D9D207396E84B27F1A4337E485CFC55C7180167859FF42CD499B
                                                                          Malicious:false
                                                                          Preview:...@IXOS.@.....@.IyY.@.....@.....@.....@.....@.....@......&.{8FDAC961-4331-4F87-AE19-F0EC94E6C651}..Dollop..5gzbR4Yqta.msi.@.....@.....@.....@........&.{4AFBC8A4-8A74-43B1-94FA-C9401DB1B574}.....@.....@.....@.....@.......@.....@.....@.......@......Dollop......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{5FBFA771-A56F-5BBA-97E6-AE549513CEC3}6.C:\Users\user\AppData\Local\Paperback\CrashRpt.dll.@.......@.....@.....@......&.{64497C92-0CBA-56A8-ABE9-84FBB606A4C1}3.C:\Users\user\AppData\Local\Paperback\cv099.dll.@.......@.....@.....@......&.{C744855E-6043-5234-B976-99FC308C9F9A}7.C:\Users\user\AppData\Local\Paperback\cxcore099.dll.@.......@.....@.....@......&.{75043D25-E07C-5D72-A242-74304A9551BC}8.C:\Users\user\AppData\Local\Paperback\cximagecrt.dll.@.......@.....@.....@......&.{D203F763-49AD-52E8-92EE-82D3ED45B042}5.C:\Users\user\AppD
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):1.1639259562395903
                                                                          Encrypted:false
                                                                          SSDEEP:12:JSbX72FjUAGiLIlHVRpZh/7777777777777777777777777vDHFs7WAvit/l0i8Q:J6QI5t0WhiF
                                                                          MD5:0F1BC5E56D3C9DA0F034A7F3A8024D17
                                                                          SHA1:0E423D10BC112FF431CDA1FAAAFBECE203D41D91
                                                                          SHA-256:B76BF156C88F281C7604ED24A200DB5BABA2A9CCCE94D75260B6099546D4F0CB
                                                                          SHA-512:19D4629E3E5D68ACBD177E8504E18CFCFCF8FB7ABB2953C8484D6EA0CA1DC904F2E8F9629687E56B7C747CF61019DB622C435A2BF0B923C309B35E8DB479ECF9
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):1.4767050315688748
                                                                          Encrypted:false
                                                                          SSDEEP:48:vh8PhMuRc06WXJSnT533+US5Tbrk+USIVfdiqj:UhM1JnTZuUQUxdD
                                                                          MD5:ADB0B363A72F7ECC37F0F128D276D5FE
                                                                          SHA1:8B6BD8B325682C89303E711C93DF4A70F741B3FE
                                                                          SHA-256:465997B497C6524F9BEA31D6DD8F77200A351ABF2F4AE4FABB3E79BB429A2AE9
                                                                          SHA-512:8C8EC9E4948E042D1BBA4E59F54351525F375D73614AA7425CB0BA97CF4C240A4C06A217499BF6AEB0927E19391E6BD13F02E73527B5009565978AE42474FB06
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):360001
                                                                          Entropy (8bit):5.362987273891477
                                                                          Encrypted:false
                                                                          SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgauy:zTtbmkExhMJCIpET
                                                                          MD5:540E47F7CE95936733BBBB61BF908640
                                                                          SHA1:ED85E604B8192784510122D1EF66FA7A2CBC63EA
                                                                          SHA-256:EC160E0AF7CB0D8DABF95A69EFCFB798075DABD7AC0EA39113BF1A276A77D082
                                                                          SHA-512:BC9F7031D7BC63B56AD24B5DD75C440D6114E76A1CC940DBBFAC5D7460BAE6B0353A1D49427B8E227ACB7762FC1BA248AFE86F5D450876B1FF8A04FBA2782F2B
                                                                          Malicious:false
                                                                          Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):512
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                          SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                          SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                          SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):1.1888394706041556
                                                                          Encrypted:false
                                                                          SSDEEP:48:/hkuzNveFXJBT5N3+US5Tbrk+USIVfdiqj:5k/ZTLuUQUxdD
                                                                          MD5:B8D7703030A5F624035F43E26A2A23DD
                                                                          SHA1:ABEF7A17DE2B8E0611E70F03E3BD43B576992F35
                                                                          SHA-256:3D11A86C1B0BCB3BC28D9376637F9772E4E5418B2F23C329CAE360A634ADC637
                                                                          SHA-512:E0B0370F918B57A6BA7D78D8D627824A2F9651EEE0D4B4FBFA5F9A95AF17C7C242D524BC084BE3BFFEE6C445E7A7E13C77A70545D45A03D05CC2B80421B69D75
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.07162993968082948
                                                                          Encrypted:false
                                                                          SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOC0c7Wp20RNtgVky6lit/:2F0i8n0itFzDHFs7WA8it/
                                                                          MD5:BFB659CBC2E174DAF81FA81112844BF2
                                                                          SHA1:2C9560101548A6F3F85A8A72A40B09421DCF60C6
                                                                          SHA-256:018751AD50AB77BDF631B158B1C330CA78BDA6CE58743A47DCAFC3301773816A
                                                                          SHA-512:54072040852CA332316894C18D69791FD3FDF0425B233FCF74612F303A570DC9AEB9861EE6803E7EE2792639410B4BE8C3035586E650A9F4B4844FB5D8FDF85F
                                                                          Malicious:false
                                                                          Process:C:\Windows\System32\msiexec.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):69632
                                                                          Entropy (8bit):0.10908115160212835
                                                                          Encrypted:false
                                                                          SSDEEP:24:gPiqj2hVX+nUipVA+nUipV7VgwGWFlrkgQ+u:Qiqj2hVX+US6+US5TbrQ
                                                                          MD5:E83A899EAEF2708F2F99C4A899F6B2A3
                                                                          SHA1:C690643EFA3E711052CD1C7859A962453469DA8B
                                                                          SHA-256:1EB92F47F3B9AD25BE84669FC6451B4E0B0F5C538E9F5AC70900EBA6F1A071D7
                                                                          SHA-512:D13E9135072155A5306623D958D7D5FE312530563CF0097F83BDD9AA49290F28FCEE8C6C08B11AC81FB18ECD66D76450000AF2377BCC735A824EE64BB460BD9B
                                                                          Malicious:false
                                                                          File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Dollop, Author: Badge Glove, Keywords: Installer, Comments: This installer database contains the logic and data required to install Dollop., Template: Intel;1033, Revision Number: {4AFBC8A4-8A74-43B1-94FA-C9401DB1B574}, Create Time/Date: Fri Nov 22 22:43:30 2024, Last Saved Time/Date: Fri Nov 22 22:43:30 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
                                                                          Entropy (8bit):7.99948825667642
                                                                          TrID:
                                                                          • Microsoft Windows Installer (60509/1) 88.31%
                                                                          • Generic OLE2 / Multistream Compound File (8008/1) 11.69%
                                                                          File name:5gzbR4Yqta.msi
                                                                          File size:36'790'272 bytes
                                                                          MD5:8f6e7e5f41552fdeef42a6da33ebaf48
                                                                          SHA1:c471d1fba01849aa37bd587613246f1b6c0bb62e
                                                                          SHA256:5c1917c63fc09983d5f31cb7278122405f28364b93956a96cf635e52f7381f2a
                                                                          SHA512:8ae02c85dd8a04c0a4df37d984b6204dd07f52bdddc4c0746ff030ae4f5a1e4f25e3f461b620cac2094084a8cd8bee3f2c1660ebdee40de47106de756202c0cf
                                                                          SSDEEP:786432:cSiMGixH0zs+RFAsCOLTXbr071UEesdqDc+fEv6vh:3b/HGs+KoTXbrE1WLMIh
                                                                          TLSH:FC8733EEE4FC7E3AE2C41638492AC56D02E2DC5273768BC92821F2E05F7558547FA364
                                                                          Icon Hash:2d2e3797b32b2b99
                                                                          No network behavior found


                                                                          Target ID:1
                                                                          Start time:09:15:17
                                                                          Start date:25/11/2024
                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\5gzbR4Yqta.msi"
                                                                          Imagebase:0x7ff6dfa60000
                                                                          File size:69'632 bytes
                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:2
                                                                          Start time:09:15:18
                                                                          Start date:25/11/2024
                                                                          Path:C:\Windows\System32\msiexec.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\msiexec.exe /V
                                                                          Imagebase:0x7ff6dfa60000
                                                                          File size:69'632 bytes
                                                                          MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:3
                                                                          Start time:09:15:24
                                                                          Start date:25/11/2024
                                                                          Path:C:\Users\user\AppData\Local\Paperback\ManyCam.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\AppData\Local\Paperback\ManyCam.exe"
                                                                          Imagebase:0x400000
                                                                          File size:1'756'232 bytes
                                                                          MD5 hash:BA699791249C311883BAA8CE3432703B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Antivirus matches:
                                                                          • Detection: 0%, ReversingLabs
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:4
                                                                          Start time:09:15:24
                                                                          Start date:25/11/2024
                                                                          Path:C:\Windows\System32\pcaui.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Paperback\ManyCam.exe"
                                                                          Imagebase:0x7ff679750000
                                                                          File size:162'816 bytes
                                                                          MD5 hash:0BA34D8D0BD01CB98F912114ACC7CF19
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:5
                                                                          Start time:09:15:27
                                                                          Start date:25/11/2024
                                                                          Path:C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe
                                                                          Imagebase:0x400000
                                                                          File size:1'756'232 bytes
                                                                          MD5 hash:BA699791249C311883BAA8CE3432703B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Antivirus matches:
                                                                          • Detection: 0%, ReversingLabs
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:6
                                                                          Start time:09:15:27
                                                                          Start date:25/11/2024
                                                                          Path:C:\Windows\System32\pcaui.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\Updateultra_4\ManyCam.exe"
                                                                          Imagebase:0x7ff679750000
                                                                          File size:162'816 bytes
                                                                          MD5 hash:0BA34D8D0BD01CB98F912114ACC7CF19
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:7
                                                                          Start time:09:15:30
                                                                          Start date:25/11/2024
                                                                          Path:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          Imagebase:0x7ff77c2b0000
                                                                          File size:34'622'092 bytes
                                                                          MD5 hash:EC365EBEE931D7E4F59FFBE5099E0BAF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Antivirus matches:
                                                                          • Detection: 3%, ReversingLabs
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:8
                                                                          Start time:09:15:30
                                                                          Start date:25/11/2024
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                          Imagebase:0x1c0000
                                                                          File size:236'544 bytes
                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:9
                                                                          Start time:09:15:30
                                                                          Start date:25/11/2024
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff66e660000
                                                                          File size:862'208 bytes
                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:10
                                                                          Start time:09:15:31
                                                                          Start date:25/11/2024
                                                                          Path:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Users\user\AppData\Roaming\Updateultra_4\DDHBEPMLZAWRHZK\installer.exe
                                                                          Imagebase:0x7ff77c2b0000
                                                                          File size:34'622'092 bytes
                                                                          MD5 hash:EC365EBEE931D7E4F59FFBE5099E0BAF
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:12
                                                                          Start time:09:15:39
                                                                          Start date:25/11/2024
                                                                          Path:C:\Windows\SysWOW64\explorer.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\SysWOW64\explorer.exe
                                                                          Imagebase:0x630000
                                                                          File size:4'514'184 bytes
                                                                          MD5 hash:DD6597597673F72E10C9DE7901FBA0A8
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                            APIs
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00000001,?,00BB16C1,00000001), ref: 00BB3F18
                                                                            • _ftol.MSVCR80 ref: 00BB3F29
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00000001,?,00BB16C1,00000001), ref: 00BB3F4D
                                                                            • _ftol.MSVCR80 ref: 00BB3F5E
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00000001,?,00BB16C1,00000001), ref: 00BB3F82
                                                                            • _ftol.MSVCR80 ref: 00BB3F93
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00000001,?,00BB16C1,00000001), ref: 00BB3FB7
                                                                            • _ftol.MSVCR80 ref: 00BB3FC8
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00000001,?,00BB16C1,00000001), ref: 00BB3FEA
                                                                            • _ftol.MSVCR80 ref: 00BB3FFB
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00000001,?,00BB16C1,00000001), ref: 00BB401F
                                                                            • _ftol.MSVCR80 ref: 00BB4030
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00BB42A9
                                                                            • _ftol.MSVCR80 ref: 00BB42B8
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00BB42CC
                                                                            • _ftol.MSVCR80 ref: 00BB42DB
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00BB4358
                                                                            • _ftol.MSVCR80 ref: 00BB4367
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00BB438D
                                                                            • _ftol.MSVCR80 ref: 00BB439C
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00BB43C5
                                                                            • _ftol.MSVCR80 ref: 00BB43D4
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00BB43E8
                                                                            • _ftol.MSVCR80 ref: 00BB43F7
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00BB440B
                                                                            • _ftol.MSVCR80 ref: 00BB441A
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000001), ref: 00BB442E
                                                                            • _ftol.MSVCR80 ref: 00BB443D
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Ipow_ftol
                                                                            • String ID:
                                                                            • API String ID: 36068165-0
                                                                            • Opcode ID: 2717005c27b2225b216bb6c6537802b9c38c16679a267937e0ca1bb223459723
                                                                            • Instruction ID: 5c420fc019101473ba9fc2c6bbf65c4dfa4fb167f95170345e5340ba18af458e
                                                                            • Opcode Fuzzy Hash: 2717005c27b2225b216bb6c6537802b9c38c16679a267937e0ca1bb223459723
                                                                            • Instruction Fuzzy Hash: 9D52C034108B868BC324AF34C8552E7FBF1FF9A304F1549ADE4EA4B266EB719519C742
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: %.100s: Can not read TIFF directory$%s: Bogus "%s" field, ignoring and calculating from imagelength$%s: Can not read TIFF directory$%s: Can not read TIFF directory count$%s: Failed to allocate space for IFD list$%s: Seek error accessing TIFF directory$%s: TIFF directory is missing required "%s" field, calculating from imagelength$%s: cannot handle zero number of %s$%s: cannot handle zero scanline size$%s: cannot handle zero strip size$%s: cannot handle zero tile size$%s: invalid TIFF directory; tags are not sorted in ascending order$%s: unknown field with tag %d (0x%x) encountered$%s: wrong data type %d for "%s"; tag ignored$Colormap$ImageLength$PlanarConfiguration$StripByteCounts$StripOffsets$TIFFReadDirectory$TileOffsets$strips$tiles$to read "TransferFunction" tag$to read TIFF directory
                                                                            • API String ID: 0-1977267626
                                                                            • Opcode ID: 77f5e82361d093822ec6f26e36a1afa7785347ab484386d55b9033b2b3570404
                                                                            • Instruction ID: ddeacdba23bc581433da20fc91bdc478f72a86e88e0f8472d85f12a4656d5515
                                                                            • Opcode Fuzzy Hash: 77f5e82361d093822ec6f26e36a1afa7785347ab484386d55b9033b2b3570404
                                                                            • Instruction Fuzzy Hash: 178202756007029BD724DB24D882FB7B3E6EF84314F1489FEF89A86242E735E945C7A1
                                                                            APIs
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,00BB3DAF,?,?,00000008,00B9A3F8,00000001), ref: 00BB79BC
                                                                            • _ftol.MSVCR80 ref: 00BB79CD
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00BB3DAF,?,?,00000008,00B9A3F8), ref: 00BB7A2E
                                                                            • _ftol.MSVCR80 ref: 00BB7A3F
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,?,?,00BB3DAF,?), ref: 00BB7AAE
                                                                            • _ftol.MSVCR80 ref: 00BB7ABF
                                                                            • _CIpow.MSVCR80(?,?,?,?,?,?,?,?,?,?,?,00BB3DAF,?,?,00000008,00B9A3F8), ref: 00BB7C53
                                                                            • _ftol.MSVCR80 ref: 00BB7C5C
                                                                            • _CIpow.MSVCR80 ref: 00BB7D5F
                                                                            • _ftol.MSVCR80 ref: 00BB7D70
                                                                            • _CIpow.MSVCR80 ref: 00BB7E3D
                                                                            • _ftol.MSVCR80 ref: 00BB7E4E
                                                                            • _CIpow.MSVCR80 ref: 00BB7F2D
                                                                            • _ftol.MSVCR80 ref: 00BB7F3E
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Ipow_ftol
                                                                            • String ID:
                                                                            • API String ID: 36068165-0
                                                                            • Opcode ID: 228648f2377b8f0835d99bce623a426c9a0cc1d130142cbc6b2f8ccf6da6a035
                                                                            • Instruction ID: 9f9375579b6620483451be579412111554021df9604049c1d05437851365f932
                                                                            • Opcode Fuzzy Hash: 228648f2377b8f0835d99bce623a426c9a0cc1d130142cbc6b2f8ccf6da6a035
                                                                            • Instruction Fuzzy Hash: 9A027D706487428BD310DF24D8957AAFBF5FFC8300F5149AEE4AA9B261DB70E855CB42
                                                                            APIs
                                                                            • IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 005230BA
                                                                            • GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 005230D4
                                                                            • GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 005230E1
                                                                            • GetProcessHeap.KERNEL32(00000000,00000008,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523113
                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523116
                                                                            • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 0052312A
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523136
                                                                            • HeapFree.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523139
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
                                                                            • String ID: InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
                                                                            • API String ID: 3830925854-2586642590
                                                                            • Opcode ID: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
                                                                            • Instruction ID: 6a309bd71f26a8b6476057eaf9253ffddd2ea6d6ddf4b4a8f55772e675858cee
                                                                            • Opcode Fuzzy Hash: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
                                                                            • Instruction Fuzzy Hash: 7E11B276610228AFE7209F69FC899177FACFF66B51B008419F605C3250D7389814EB60
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: %s: Bad field type %d for "%s"$%s: Bad value %d for "%s"$%s: Bad value %f for "%s"$%s: Bad value %ld for "%s"$%s: Failed to allocate space for list of custom values$%s: Invalid %stag "%s" (not supported by codec)$%s: Pass by value is not implemented.$%s: Sorry, cannot nest SubIFDs$A$Bad value %ld for "%s" tag ignored$Nonstandard tile length %d, convert file$Nonstandard tile width %d, convert file$_TIFFVSetField$pseudo-
                                                                            • API String ID: 0-984486836
                                                                            • Opcode ID: db0aebc61ebce751fc84792a4767c7aab394075f3cad42eb5d73d6fb59937da3
                                                                            • Instruction ID: 29d5749630e0e832da22a07adaaefc21002afd343f9bdf1ca8ff89fd3f69281a
                                                                            • Opcode Fuzzy Hash: db0aebc61ebce751fc84792a4767c7aab394075f3cad42eb5d73d6fb59937da3
                                                                            • Instruction Fuzzy Hash: C482F3756042019FD310DF24D880F6AB7F4FF89708F5489ADE9999B351EB31EA05CBA2
                                                                            APIs
                                                                            • IsDebuggerPresent.KERNEL32 ref: 0052439E
                                                                            • _crt_debugger_hook.MSVCR80(00000001), ref: 005243AB
                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005243B3
                                                                            • UnhandledExceptionFilter.KERNEL32(00575E58), ref: 005243BE
                                                                            • _crt_debugger_hook.MSVCR80(00000001), ref: 005243CF
                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 005243DA
                                                                            • TerminateProcess.KERNEL32(00000000), ref: 005243E1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
                                                                            • String ID: !ME
                                                                            • API String ID: 3369434319-2242867602
                                                                            • Opcode ID: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
                                                                            • Instruction ID: 39ba21fb788a80fe4ca9cc942bdb85b36a6e35659692cabfea893639d5bd73cc
                                                                            • Opcode Fuzzy Hash: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
                                                                            • Instruction Fuzzy Hash: 9521B0B4901214DFE700DF69FD4E6457BB4FB2A308F10441AF508877A0E7B0568DAF15
                                                                            APIs
                                                                            • IsDebuggerPresent.KERNEL32 ref: 00BDC2BF
                                                                            • _crt_debugger_hook.MSVCR80(00000001), ref: 00BDC2CC
                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00BDC2D4
                                                                            • UnhandledExceptionFilter.KERNEL32(00BE29FC), ref: 00BDC2DF
                                                                            • _crt_debugger_hook.MSVCR80(00000001), ref: 00BDC2F0
                                                                            • GetCurrentProcess.KERNEL32(C0000409), ref: 00BDC2FB
                                                                            • TerminateProcess.KERNEL32(00000000), ref: 00BDC302
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
                                                                            • String ID:
                                                                            • API String ID: 3369434319-0
                                                                            • Opcode ID: 31a740d789ef69da4a448668e309fb411f4ff643b67d9d784aeaa05b1f96b1fb
                                                                            • Instruction ID: 8679256a481723e691cd38c6c0d72c647c53e90032a3884b082742fa6f7b56ee
                                                                            • Opcode Fuzzy Hash: 31a740d789ef69da4a448668e309fb411f4ff643b67d9d784aeaa05b1f96b1fb
                                                                            • Instruction Fuzzy Hash: BC21FFB5801385DFC700DF68ECD5A487FA5FB08310F00445AE9199B3A1EFB0988A8F88
                                                                            APIs
                                                                            • FindResourceW.KERNEL32(00000000,0047AE1E,00000006,?,0047AE1E), ref: 00488A3B
                                                                            • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A4A
                                                                            • SizeofResource.KERNEL32(00000000,00000000,?,0047AE1E), ref: 00488A5A
                                                                            • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A67
                                                                            • GetLastError.KERNEL32(000000FF,00000000,00000000,00000000,00000000,00000000,?,0047AE1E), ref: 00488AA8
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$Resource$FindSizeof
                                                                            • String ID:
                                                                            • API String ID: 1187693681-0
                                                                            • Opcode ID: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
                                                                            • Instruction ID: c0cef2afab0bd7fe4f68a4e2e270c34d254ae90ade39b42375e279ad05fcd0b3
                                                                            • Opcode Fuzzy Hash: 65827e7e1ba533ac49771d736c66928104eedf98d9c70884fcfb5a62a0082481
                                                                            • Instruction Fuzzy Hash: 13215EB490410CAFDF04EFA8C894AAEBBB5AF58304F50855EF516E7380DB349A40DBA5
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,0050F176,00000000,?,?,?,?,?,?,A7504B2B), ref: 004B7929
                                                                            • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000400,00000000,00000000,00000000), ref: 004B7951
                                                                              • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                              • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                            • GlobalFree.KERNEL32(00000000), ref: 004B797D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorFormatFreeGlobalLastMessagefflushfwprintf
                                                                            • String ID: Error %lu(%XH): %s
                                                                            • API String ID: 800684769-2225916613
                                                                            • Opcode ID: 9c25a239c4296b40a1aac8e3427c21774919ee94bcf497bff91ff5139ac85dd7
                                                                            • Instruction ID: 92133e916cea4efcc1403b83aedde9febef4d0811e6201f309352de0de206619
                                                                            • Opcode Fuzzy Hash: 9c25a239c4296b40a1aac8e3427c21774919ee94bcf497bff91ff5139ac85dd7
                                                                            • Instruction Fuzzy Hash: 42F0AFB9E40208BBE714DBD4DC46F9EBB78AB58701F104159FB04A7280D7B06A45DBA5
                                                                            APIs
                                                                              • Part of subcall function 00416650: FindClose.KERNEL32(55C35DE5,00000000,?,004164B1,00000000,000001E2,-0000012B), ref: 00416686
                                                                            • lstrlenW.KERNEL32(00000000,00000000,000001E2), ref: 004164C4
                                                                            • FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                            • GetFullPathNameW.KERNEL32(00000000,00000104,?,00000000), ref: 0041652C
                                                                            • SetLastError.KERNEL32(0000007B), ref: 0041654D
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Find$CloseErrorFileFirstFullLastNamePathlstrlen
                                                                            • String ID:
                                                                            • API String ID: 333540133-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Versionmemset
                                                                            • String ID: Z
                                                                            • API String ID: 3136939366-1505515367
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            APIs
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • CoCreateInstance.OLE32(?,00000000,00000001,00571980,00000000,?,?,0056F520,A7504B2B,?,?,?,?,00000000,005334CC,000000FF), ref: 004B21C6
                                                                            Strings
                                                                            • CGraphMgr::AddFilterByCLSID name=%s, xrefs: 004B214A
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$CreateInstanceclock
                                                                            • String ID: CGraphMgr::AddFilterByCLSID name=%s
                                                                            • API String ID: 918117742-3942708501
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: $
                                                                            • API String ID: 0-227171996
                                                                            APIs
                                                                            • GetProcessHeap.KERNEL32(00000000,00416AB4,00523168,00416AB4,0041507C,00415062,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 00523087
                                                                            • HeapFree.KERNEL32(00000000,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 0052308E
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$FreeProcess
                                                                            • String ID:
                                                                            • API String ID: 3859560861-0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `
                                                                            • API String ID: 0-2679148245
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: to fetch tag value
                                                                            • API String ID: 0-3423917375
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: @
                                                                            • API String ID: 0-2766056989
                                                                            Strings
                                                                            • No space for Palette mapping table, xrefs: 00BCB16C
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocGlobal
                                                                            • String ID: No space for Palette mapping table
                                                                            • API String ID: 3761449716-3215607947
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: U
                                                                            • API String ID: 0-3372436214
                                                                            • Opcode ID: d06a82b991ce4754ee4d6933da77f2c0cf392789228a3c13f634902435b0714b
                                                                            • Instruction ID: f2e9cde362e679c0e87f2507a8eca28bd244d10f76904d9e86c179c05e18771c
                                                                            • Opcode Fuzzy Hash: d06a82b991ce4754ee4d6933da77f2c0cf392789228a3c13f634902435b0714b
                                                                            • Instruction Fuzzy Hash: E2819F31A083518FC324CF2DC49066ABBE1EFD9710F584AAEEAD587351D6B2DC45CB82
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 14232f15e1831484932be910bc7f0aa44b568e81c7c293894dd6046ade8b664e
                                                                            • Instruction ID: e7936ce3a056886099410c1d75898453e407c7f18da9dafc9170a18cf21ba5f5
                                                                            • Opcode Fuzzy Hash: 14232f15e1831484932be910bc7f0aa44b568e81c7c293894dd6046ade8b664e
                                                                            • Instruction Fuzzy Hash: 3F724B70A08B468FC718CF19D89066AF7E2FFD8304F24896EE59687754E771E849CB81
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dc5ad7d822a4c71bc9fd73d8960d9994576aeaef53c3de34bd0ed5aa9e9f781b
                                                                            • Instruction ID: 023ce568cbea0a8631678c313e45acad0373302a61cb106e16a65fb9a1d246d9
                                                                            • Opcode Fuzzy Hash: dc5ad7d822a4c71bc9fd73d8960d9994576aeaef53c3de34bd0ed5aa9e9f781b
                                                                            • Instruction Fuzzy Hash: 52328F3550C7828BC325CF28C4912BAFFE1FF99304F185AADE4C99B342D661D946CB96
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: a1b7a7e279de3a7f61ad13d052398b6446e338850ffc1c15977be21ada1b4b53
                                                                            • Instruction ID: 24fa52e6cf3ce9dd14555d2bb725dace40b4895e6865dfd52e8d9caf759b308f
                                                                            • Opcode Fuzzy Hash: a1b7a7e279de3a7f61ad13d052398b6446e338850ffc1c15977be21ada1b4b53
                                                                            • Instruction Fuzzy Hash: FD226C70604B428FD728CF69D89072BFBE2FB84700F544A6EE49687741E774E949CB92
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f98570f1da2ef88396b503b59543919c54530344b59367a5a6919e4541db2713
                                                                            • Instruction ID: 020a8a67d70017f23695d4a209b8d60334dce0297ca807ebab1fdb612a34c989
                                                                            • Opcode Fuzzy Hash: f98570f1da2ef88396b503b59543919c54530344b59367a5a6919e4541db2713
                                                                            • Instruction Fuzzy Hash: 63221C756086459FD328CF29C891EABB7EAFBC8340F148A1DF599C3354E670E905CB62
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 20d3ab6a803731a58617f88bc5b109711e1954109ff6a08c1b7c1170a619673e
                                                                            • Instruction ID: 9583e03c941ea19cbc5a6b4df85b699cdda9ae1f426c2425f888f3b9ef79c423
                                                                            • Opcode Fuzzy Hash: 20d3ab6a803731a58617f88bc5b109711e1954109ff6a08c1b7c1170a619673e
                                                                            • Instruction Fuzzy Hash: 05E17C312083858FC719DF2CD89066AFBE1EB99308F1449BEE9DAC7342E675D846CB45
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b79291703b6068f24cf64208f47805ea5fb78ec4ea564d673a31d3ef2e6da05a
                                                                            • Instruction ID: 3c03077c6023c123baffd422e0a054951bd66cb2db5f71f246438cccffaf3bf5
                                                                            • Opcode Fuzzy Hash: b79291703b6068f24cf64208f47805ea5fb78ec4ea564d673a31d3ef2e6da05a
                                                                            • Instruction Fuzzy Hash: D3D19062B54A4B0BD358DD6DCD52374BDC39FC9205F0CC239A888CEBEAF875964E9244
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0f4d7cc1d784bf5f48adc2e43d82b5f32e457b01328a6e8d94e818da4365d5f4
                                                                            • Instruction ID: 2a23c8636c6c297977ec2c748bacd8b87c10da43998a0a2b9e898e78f8dca0e3
                                                                            • Opcode Fuzzy Hash: 0f4d7cc1d784bf5f48adc2e43d82b5f32e457b01328a6e8d94e818da4365d5f4
                                                                            • Instruction Fuzzy Hash: 7FC1372524E6C14FCB198A6CA4E95FAFFD1DB9E311F0881FDCAD4CB312C9558909C360
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: d4bfdb248b3fb90f8076a3fe4a1e75f7bd1b50aa5aafde52d762773f77742459
                                                                            • Instruction ID: abc7b31e5b4156d10d392fcecb324b549eacbbc4b470693a1d0da9947a7642ce
                                                                            • Opcode Fuzzy Hash: d4bfdb248b3fb90f8076a3fe4a1e75f7bd1b50aa5aafde52d762773f77742459
                                                                            • Instruction Fuzzy Hash: CAF18E725092418FC3098F18D5989E2BBE2FFA8714B1F42FAD4599B363D7729841CB92
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 1597892f3f4f26d62b0053a32bee4d971b9123da6a1e5dfc1b359871c077577f
                                                                            • Instruction ID: 7c0f2534f06641cc03194c78ef09445804f4c662fe4cb24974cd54efcfa17ee1
                                                                            • Opcode Fuzzy Hash: 1597892f3f4f26d62b0053a32bee4d971b9123da6a1e5dfc1b359871c077577f
                                                                            • Instruction Fuzzy Hash: 25E1E275611B418FD329CF28C990AA7F3E6FF99304B14896ED8DA87B51EA31F841CB40
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b584d68ecaa2991d1f89fb09f6f126c8128263169b38336828a0f969f0242cdf
                                                                            • Instruction ID: 062a8e73becf0b8304c4bbf0e809a89584b738e31046af2764d8927841ae0856
                                                                            • Opcode Fuzzy Hash: b584d68ecaa2991d1f89fb09f6f126c8128263169b38336828a0f969f0242cdf
                                                                            • Instruction Fuzzy Hash: 7B816071A093528FDB08CF18C4D075AB7E1FBDA314F198A6EE496AB341D731D909CB81
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: bba126c67f6213cc2c7b5393b6fe04b9bcee53e41702d629dad298e085c61df8
                                                                            • Instruction ID: ab8c7c2096f58291d4421e1ced2bd5f5b2964d4880374f6e0769c8639748cbd4
                                                                            • Opcode Fuzzy Hash: bba126c67f6213cc2c7b5393b6fe04b9bcee53e41702d629dad298e085c61df8
                                                                            • Instruction Fuzzy Hash: 3C71B43554C6828BCB11CF28C4846A5FFD2EBE6304F0CC6DDD8C99B356DAA2E909C791
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 63bde09c537a4213f7de40edceb5d3d9a8bb7c75d367e40179410ee8b52a78f7
                                                                            • Instruction ID: 32a5d70953ca47ffec087dcc65130799d377f0ab7490f9d9cb58fc9a392b48ed
                                                                            • Opcode Fuzzy Hash: 63bde09c537a4213f7de40edceb5d3d9a8bb7c75d367e40179410ee8b52a78f7
                                                                            • Instruction Fuzzy Hash: 2681063954E7819FC711CF29C4D04A6FBE2BF9E204F5C999DE9C50B316C231A91ACB92
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 781fb0ed2df7f391b7a24f592ad171469152a0d1336f9c4a55c7456bf35fb83e
                                                                            • Instruction ID: 741100b8c4a5c53ae01f250fffd8ae73fc92ff5de1ca7ca5eee08a89611588dd
                                                                            • Opcode Fuzzy Hash: 781fb0ed2df7f391b7a24f592ad171469152a0d1336f9c4a55c7456bf35fb83e
                                                                            • Instruction Fuzzy Hash: 3951E4366083914BD715DE2C94902B6FBE2EBD9324F1889EDD8E887342D7B1D80A8791
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9fae38c31ac3e6366611ebbb41cae401fea5393a98b7b8155f8df23b955ccbd4
                                                                            • Instruction ID: 896c21378ba8391086082a267c83a88411dfcaccb7523c2ea9eadb54a5693f9d
                                                                            • Opcode Fuzzy Hash: 9fae38c31ac3e6366611ebbb41cae401fea5393a98b7b8155f8df23b955ccbd4
                                                                            • Instruction Fuzzy Hash: B651C2366082874FC3259F2884611F9FBE1EFAA304F6C86BDD8D68B342D665D916CB50
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 0b4f27dd10139f30faea009d98bf7d04ad43b169fe1efa635cf320682f8d45aa
                                                                            • Instruction ID: 38526dfa775c662feddd8e57df0ce0a82ee860bf71183c887d693c2315907ddd
                                                                            • Opcode Fuzzy Hash: 0b4f27dd10139f30faea009d98bf7d04ad43b169fe1efa635cf320682f8d45aa
                                                                            • Instruction Fuzzy Hash: DF311E3374558203F71DCE2F9CA12BAEAD38FC522872ED57E99C98B356ECBA44178144
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmpDownload File
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2884f95fcdafe70c70ecd4019d7835bcd498a4b6d07c35c5e4d26ae6450e3503
                                                                            • Instruction ID: e55d7fbf39b58b7cd40c08828abb676aef87834b5fc5c75b877ec82b140fc7a0
                                                                            • Opcode Fuzzy Hash: 2884f95fcdafe70c70ecd4019d7835bcd498a4b6d07c35c5e4d26ae6450e3503
                                                                            • Instruction Fuzzy Hash: B941CA71E096564FC318CE29C851576FBE2EFCA204F08C67EE898D7755EA30D8498B80
                                                                            APIs
                                                                              • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                              • Part of subcall function 00418B80: CreateSolidBrush.GDI32(A7504B2B), ref: 00418B8B
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004199CF
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00419A41
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000), ref: 00419A5D
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419A8A
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AA9
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419ABD
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AD9
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AFB
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B10
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B22
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419B34
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419B58
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B7A
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B96
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419BB8
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419BE3
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419BF8
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419C14
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419C28
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419C3F
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419C5D
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419C7F
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419C9E
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419CC1
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419CEE
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419D0D
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419D21
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419D40
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419D55
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419D75
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419D8A
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419D9C
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419DAE
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419DC5
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419DE5
                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00419E09
                                                                            • GetTextColor.GDI32(00000000), ref: 00419E18
                                                                            • SetTextColor.GDI32(00000000,0096681D), ref: 00419E2C
                                                                            • memset.MSVCR80 ref: 00419ED8
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00419F18
                                                                            • memset.MSVCR80 ref: 00419F6A
                                                                            • memset.MSVCR80 ref: 00419FB1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                             • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image@@$Height@Width@$C__@@Draw@T@@_Utag$memset$ColorRectText$BrushClientCreateFillModeObjectSelectSolid
                                                                            • String ID: %$Border$Clip Line$F$Tahoma
                                                                            • API String ID: 2569125150-2632024743
                                                                            • Opcode ID: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
                                                                            • Instruction ID: 6acad93585106d0d29ca26f9a2d8656a706cc7dc15e340c93166a7cfeebd7e9c
                                                                            • Opcode Fuzzy Hash: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
                                                                            • Instruction Fuzzy Hash: 5F226E709041199FEF18EB68CCA9BEEB7B8FF54304F1441ADE10AA7291DB742A85CF54
                                                                            APIs
                                                                            • cvError.CXCORE099(FFFFFF2D,cvCreateTrackbar,Bad trackbar maximal value,.\window_w32.cpp,000004B9), ref: 00B959C7
                                                                            • CreateToolbarEx.COMCTL32(?,40000201,00000001,00000000,00000000,00000000,00000000,00000000,00000010,00000014,00000010,00000010,00000014), ref: 00B95A4B
                                                                            • GetClientRect.USER32(?,?), ref: 00B95A5D
                                                                            • MoveWindow.USER32(?,00000000,00000000,?,0000001E,00000001), ref: 00B95A72
                                                                            • SendMessageA.USER32(?,00000421,00000000,00000000), ref: 00B95A83
                                                                            • ShowWindow.USER32(?,00000005), ref: 00B95A8B
                                                                            • GetWindowLongA.USER32(?,000000FC), ref: 00B95AA0
                                                                            • SetWindowLongA.USER32(?,000000FC,00B95630), ref: 00B95AC3
                                                                            • SetWindowLongA.USER32(?,000000EB,00000000), ref: 00B95ACC
                                                                            • SendMessageA.USER32(?,00000418,00000000,00000000), ref: 00B95ADB
                                                                            • cvError.CXCORE099(000000E5,cvCreateTrackbar,NULL window or trackbar name,.\window_w32.cpp,000004B6), ref: 00B95D9C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                             • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                             • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                             • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                             • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                             • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                             • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                             • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                             • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Long$ErrorMessageSend$ClientCreateMoveRectShowToolbar
                                                                            • String ID: $.\window_w32.cpp$@$Bad trackbar maximal value$Buddy%p$NULL window or trackbar name$STATIC$Trackbar%p$cvCreateTrackbar$msctls_trackbar32
                                                                            • API String ID: 2803709427-1531181224
                                                                            • Opcode ID: 98192f8386ccd037f8597c62f190d5f55432c19856bf435bf1a3fa6296ae3e04
                                                                            • Instruction ID: cff6f2596079ce48ff09b68c64ea01307c523ecbdb6b8c3de1d9cfde3c376825
                                                                            • Opcode Fuzzy Hash: 98192f8386ccd037f8597c62f190d5f55432c19856bf435bf1a3fa6296ae3e04
                                                                            • Instruction Fuzzy Hash: 31D16DB1644700AFD724DF68CD81F6BF7E5FB88B00F404A1DB68997691EB70E8048BA5
                                                                            APIs
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                              • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                              • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                            • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,00000001,\ManyCam,00000000,00569E94,?,00569E90,?,00569E8C,?,00000000,00000000), ref: 0051221A
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0051222B
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00512251
                                                                              • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                              • Part of subcall function 004CC140: wcscpy_s.MSVCR80 ref: 004CC168
                                                                              • Part of subcall function 004CC140: SHFileOperationW.SHELL32(00000000), ref: 004CC1BD
                                                                            • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,NewEffect,00569EAC,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,A7504B2B), ref: 00512270
                                                                            • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569ED4,640x480,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 005122D0
                                                                            • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569EE8,352x288,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 0051234A
                                                                            • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,A7504B2B), ref: 00512372
                                                                            • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,A7504B2B), ref: 00512383
                                                                            • ?SetRetreiveAllFrames@CxImage@@QAEX_N@Z.CXIMAGECRT(00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,A7504B2B), ref: 00512390
                                                                            • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,A7504B2B), ref: 005123A6
                                                                            • ~_Mpunct.LIBCPMTD ref: 005123C8
                                                                              • Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
                                                                              • Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB
                                                                            • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,A7504B2B), ref: 005123F6
                                                                            • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C), ref: 00512474
                                                                            • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,00000002,A7504B2B), ref: 005124F5
                                                                            • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,A7504B2B), ref: 0051250B
                                                                            • ?GetFrameDelay@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,A7504B2B), ref: 00512516
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000), ref: 005125AD
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000), ref: 005125B6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                             • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image@@$AllocatorDebugHeap$CreateDirectoryFrames@$Frame@Load@$Delay@DestroyDestroy@FileFolderFrameHeight@MpunctOperationPathRetreiveSpecialWidth@_wmkdirwcscpy_s
                                                                            • String ID: .mce$352x288$640x480$InternalProperties$NewEffect$\ManyCam$blocked=0type_id=%dcategory_name=%screator_info=preview=%s$preview.jpg$preview.jpg
                                                                            • API String ID: 2719232945-3254136489
                                                                            • Opcode ID: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                            • Instruction ID: 9b3459efdfe137e0bd21340dd663e66a4f958181f4942486322fc66185ab85f6
                                                                            • Opcode Fuzzy Hash: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                            • Instruction Fuzzy Hash: D43219B19002599BDB24EB65CC95BEEBBB8BF44304F0041EDE509A7282DB746F84CF95
                                                                            APIs
                                                                              • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                              • Part of subcall function 00418B80: CreateSolidBrush.GDI32(A7504B2B), ref: 00418B8B
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 0040910F
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00409152
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040917C
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409191
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091BC
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091DB
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409212
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409231
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040924D
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409269
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000), ref: 00409287
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000), ref: 004092A3
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006), ref: 004092C4
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,005952B0,00000000,00000000,00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8), ref: 004092E7
                                                                            • memset.MSVCR80 ref: 00409647
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00409676
                                                                            • SetTextColor.GDI32(00000000,00945121), ref: 0040968D
                                                                              • Part of subcall function 00415F90: CopyRect.USER32(?,004093A8), ref: 00415F9F
                                                                            • DrawTextW.USER32(00000000,00000000,00000000,00000018,00000020), ref: 004096E4
                                                                            • SelectObject.GDI32(00000000,?), ref: 004096F9
                                                                            • GetWindowRect.USER32(00000000,?), ref: 0040971D
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,000000FF,000000FF,00000000,00000000,?), ref: 0040974D
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,000000FF,000000FF,00000000,00000000,?), ref: 00409770
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                             • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image@@$C__@@Draw@Utag$T@@_$Width@$Rect$Height@$ObjectSelectText$BrushClientColorCopyCreateDrawFillSolidU3@_Windowmemset
                                                                            • String ID: ,$Category:$Created by:$Name:$Select Resource File:$Tahoma$Type:$]$k
                                                                            • API String ID: 333958392-4118964679
                                                                            • Opcode ID: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                            • Instruction ID: c7ad2873c58e454c86f9403bdf801017c004aeaca137986ed775093af6690a25
                                                                            • Opcode Fuzzy Hash: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                            • Instruction Fuzzy Hash: 1712F970900258DFEB24EB64CC59BEEBB74AF55308F1081E9E10A7B291DB746E88CF55
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DFBF8
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DFCA8
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DFD09
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DFD20
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DFD4C
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000730,Objects,?,00000000,?,00000001,mce;png;gif;bmp;jpg,00000000,00000000,Avatars,Objects,?,Objects,00000000,?,?), ref: 004DFDA6
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DFDDA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                             • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                             • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$??2@
                                                                            • String ID: Avatars$Avatars$Backgrounds$Backgrounds$Backgrounds$Face accessories$Face accessories$Face accessories$Objects$Objects$Objects$Text over video$mce;png;gif;bmp;jpg
                                                                            • API String ID: 1120120259-206835408
                                                                            • Opcode ID: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
                                                                            • Instruction ID: 863c393ab99b281b1a89dc60ed5188a45fcf53b181839f16f77b3e1b5f5f418e
                                                                            • Opcode Fuzzy Hash: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
                                                                            • Instruction Fuzzy Hash: B5222BB0D023589ADB64DB69CD45BDEBBB5AB49304F0041DEE009B7282DB745F84CF96
                                                                            APIs
                                                                              • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                              • Part of subcall function 00418B80: CreateSolidBrush.GDI32(A7504B2B), ref: 00418B8B
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 0041FF4E
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 0041FF79
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000), ref: 0041FF88
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFA8
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFC4
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFD5
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0041FFE4
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420003
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420015
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00420024
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00420033
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00420054
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420066
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042007F
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00420094
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 004200AF
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004200C1
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004200DA
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004200EB
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004200FF
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 0042011A
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 0042012C
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0042013B
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0042014E
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 0042016B
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00420187
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00420198
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 004201A7
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 004201B9
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 004201D6
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 004201E8
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 004201F7
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00420206
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0042021A
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00420237
                                                                              • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image@@$Height@Width@$C__@@Draw@T@@_Utag$Rect$BrushClientCreateFillSolid
                                                                            • String ID:
                                                                            • API String ID: 3081667405-0
                                                                            • Opcode ID: e5508424702d3637028a52f75ed04034ea68152d49e61552c755e5592890112e
                                                                            • Instruction ID: 1c2bfeca7ff6b3ab6ad25faf3ba119e10400a5b9e5fd5cc21205db22d06f93b4
                                                                            • Opcode Fuzzy Hash: e5508424702d3637028a52f75ed04034ea68152d49e61552c755e5592890112e
                                                                            • Instruction Fuzzy Hash: 9FB1CF71E00109ABDB08FBD8CCA5BFEB779EF84304F14412DA216B7295DF242959CB65
                                                                            APIs
                                                                            • cvGetMat.CXCORE099 ref: 00B945B5
                                                                            • cvGetErrStatus.CXCORE099(?,00000000,00000000,?), ref: 00B945BF
                                                                            • cvError.CXCORE099(000000FF,cvConvertImage,Inner function failed.,.\utils.cpp,00000203,?,00000000,00000000,?), ref: 00B945DE
                                                                            • cvReleaseMat.CXCORE099(?,?,?,?,?,?,?,00000000,00000000,?), ref: 00B945EB
                                                                            • cvGetMat.CXCORE099(?,?,00000000,00000000,?,?,00000000,00000000,?), ref: 00B94607
                                                                            • cvGetErrStatus.CXCORE099(?,?,?,?,?,00000000,00000000,?), ref: 00B94615
                                                                            • cvError.CXCORE099(000000FF,cvConvertImage,Inner function failed.,.\utils.cpp,00000204,?,?,?,?,?,00000000,00000000,?), ref: 00B94634
                                                                            • cvReleaseMat.CXCORE099(?,?,?,?,?,?,?,?,?,?,00000000,00000000,?), ref: 00B94642
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorReleaseStatus
                                                                            • String ID: .\utils.cpp$Destination image must be 8u$Destination image must have 1 or 3 channels$Inner function failed.$Source image must have 1, 3 or 4 channels$Unsupported combination of input/output formats$cvConvertImage
                                                                            • API String ID: 93656100-3009054405
                                                                            • Opcode ID: aad8cc51cff400f9955dbe7b68b98d18bcdd03bf389c92e3bfcf7a21960c00b1
                                                                            • Instruction ID: 34ccedb727d2df4ceaad5087f5b3c1e47e37a5d291dd9dafcbb2a3891cbd223e
                                                                            • Opcode Fuzzy Hash: aad8cc51cff400f9955dbe7b68b98d18bcdd03bf389c92e3bfcf7a21960c00b1
                                                                            • Instruction Fuzzy Hash: EF9126B2A403006BDA10EF58DC82F2BB7D8AB95714F180AA9F45557292F771ED0987A2
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: sprintf
                                                                            • String ID: Color channels$Compression$InkSet$Missing needed %s tag$Missing required "Colormap" tag$Out of memory for colormap copy$PhotometricInterpretation$Planarconfiguration$Samples/pixel$Sorry, LogL data must have %s=%d$Sorry, LogLuv data must have %s=%d or %d$Sorry, can not handle LogLuv images with %s=%d$Sorry, can not handle RGB image with %s=%d$Sorry, can not handle YCbCr images with %s=%d$Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d$Sorry, can not handle image$Sorry, can not handle image with %s=%d$Sorry, can not handle separated image with %s=%d
                                                                            • API String ID: 590974362-2918685798
                                                                            • Opcode ID: a8fd80a09a35021c4afb7c8f56e659b39de9e15b5ae8c3f91dfbb29a74a09260
                                                                            • Instruction ID: 98b6e81f2783637e6c860bf6b4ab21b3552f685f34a9d2b8eefca1f282b68a37
                                                                            • Opcode Fuzzy Hash: a8fd80a09a35021c4afb7c8f56e659b39de9e15b5ae8c3f91dfbb29a74a09260
                                                                            • Instruction Fuzzy Hash: 26D11C716407006BE320BB29DC86EBB73E8EF80710F8445BEF946C6151E779F5868756
                                                                            APIs
                                                                            Strings
                                                                            • Sorry, can not handle LogLuv images with %s=%d, xrefs: 00BC5820
                                                                            • Compression, xrefs: 00BC578F, 00BC57EB
                                                                            • Color channels, xrefs: 00BC5700
                                                                            • PhotometricInterpretation, xrefs: 00BC5614, 00BC56A5, 00BC57B4
                                                                            • Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d, xrefs: 00BC56AA
                                                                            • Sorry, can not handle images with %d-bit samples, xrefs: 00BC583E
                                                                            • Sorry, can not handle image with %s=%d, xrefs: 00BC57B9
                                                                            • Sorry, LogLuv data must have %s=%d or %d, xrefs: 00BC57F0
                                                                            • Sorry, LogL data must have %s=%d, xrefs: 00BC5794
                                                                            • Sorry, can not handle YCbCr images with %s=%d, xrefs: 00BC56DE
                                                                            • Planarconfiguration, xrefs: 00BC56D9, 00BC581B
                                                                            • Missing needed %s tag, xrefs: 00BC5619
                                                                            • Samples/pixel, xrefs: 00BC569B, 00BC5761
                                                                            • InkSet, xrefs: 00BC572F
                                                                            • Sorry, can not handle RGB image with %s=%d, xrefs: 00BC5705
                                                                            • Sorry, can not handle separated image with %s=%d, xrefs: 00BC5734, 00BC5766
                                                                            • Sorry, requested compression method is not configured, xrefs: 00BC55A4
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: sprintf
                                                                            • String ID: Color channels$Compression$InkSet$Missing needed %s tag$PhotometricInterpretation$Planarconfiguration$Samples/pixel$Sorry, LogL data must have %s=%d$Sorry, LogLuv data must have %s=%d or %d$Sorry, can not handle LogLuv images with %s=%d$Sorry, can not handle RGB image with %s=%d$Sorry, can not handle YCbCr images with %s=%d$Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d$Sorry, can not handle image with %s=%d$Sorry, can not handle images with %d-bit samples$Sorry, can not handle separated image with %s=%d$Sorry, requested compression method is not configured
                                                                            • API String ID: 590974362-4190150193
                                                                            • Opcode ID: f04b48f9a5e228cde9a1f842c995e0f321c9195a98665daebe713ef427992624
                                                                            • Instruction ID: 3d48875b639b6e7c5acb261bab011a367af1b2f238ea46e2d4cfc8385d71f68a
                                                                            • Opcode Fuzzy Hash: f04b48f9a5e228cde9a1f842c995e0f321c9195a98665daebe713ef427992624
                                                                            • Instruction Fuzzy Hash: A851D5367087516BD720EB39FC49EA773E8EF80700B4448BAF589D71A0E664AC86C756
                                                                            APIs
                                                                            • wcsncpy.MSVCR80 ref: 00473B72
                                                                              • Part of subcall function 004749C0: List.LIBCMTD ref: 004749CA
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00473BDF
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00473BF7
                                                                            • wcsncpy.MSVCR80 ref: 00473C23
                                                                            • _wtoi.MSVCR80(00000000,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473C46
                                                                            • _wtoi.MSVCR80(00000000,bold,normal,font-weight,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473CA8
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00473CE4
                                                                            • memcpy.MSVCR80(00000000,?,00000004,?,?,?,color,font-weight,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473D09
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$_wtoiwcsncpy$Listmemcpy
                                                                            • String ID: Tahoma$bold$bottom$center$color$font-family$font-size$font-weight$left$middle$normal$right$text-align$top$vertical-align
                                                                            • API String ID: 2887013889-1516497678
                                                                            • Opcode ID: 788e32562ee1b3e60529b53916602aee49f0928f9813a148764b4366f98aa258
                                                                            • Instruction ID: 2ca92ed9edc0e43fd755dbe637c67a1d90932da1e7afedfaae36012b12e5aafe
                                                                            • Opcode Fuzzy Hash: 788e32562ee1b3e60529b53916602aee49f0928f9813a148764b4366f98aa258
                                                                            • Instruction Fuzzy Hash: 8DB17470600109DFDB04DF65D991AEEBBB4BF14305F10845EE80577392EB38EA59CB65
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,Dynamic), ref: 004F6C39
                                                                            • GetFileSize.KERNEL32(000000FF,00000000), ref: 004F6C72
                                                                            • CloseHandle.KERNEL32(000000FF), ref: 004F6C83
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,?,Dynamic), ref: 004F6CD4
                                                                            Strings
                                                                            • Dynamic, xrefs: 004F6C05
                                                                            • The file size is larger than the maximum allowed (10 Mb)., xrefs: 004F6C89
                                                                            • The Resource File is corrupted. Please select another., xrefs: 004F6C48
                                                                            • You have selected a file with the size larger than 3Mb., xrefs: 004F6D24
                                                                            • The Resource File is corrupted. Please select another., xrefs: 004F6CE3
                                                                            • You have selected an image with the dimension larger than 3000x2000., xrefs: 004F6DDB
                                                                            • The Resource File is corrupted. Please select another., xrefs: 004F6D81
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: File$Create$AllocatorCloseDebugHandleHeapSize
                                                                            • String ID: Dynamic$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The file size is larger than the maximum allowed (10 Mb).$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                            APIs
                                                                            • capGetDriverDescriptionA.AVICAP32(?,?,00000050,?,00000050,00000000,?,?,?), ref: 00B91512
                                                                            • capCreateCaptureWindowA.AVICAP32(My Own Capture Window,C0000000,00000000,00000000,00000140,000000F0,00000000,00000000,?,?,00000050,?,00000050,00000000), ref: 00B91537
                                                                            • IsWindow.USER32(00000000), ref: 00B9153F
                                                                            • SendMessageA.USER32(00000000,0000040A,?,00000000), ref: 00B9154E
                                                                            • DestroyWindow.USER32(00000000,?,?,?), ref: 00B91555
                                                                            • memset.MSVCR80 ref: 00B91590
                                                                            • IsWindow.USER32(00000000), ref: 00B91599
                                                                            • SendMessageA.USER32(00000000,0000040E,00000004,?), ref: 00B915A8
                                                                            • MoveWindow.USER32(00000000,00000000,00000000,00000140,000000F0,00000001,?,?,?), ref: 00B915BB
                                                                            • IsWindow.USER32(00000000), ref: 00B915C2
                                                                            • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 00B915D5
                                                                            • IsWindow.USER32(00000000), ref: 00B915D8
                                                                            • SendMessageA.USER32(00000000,00000405,00000000,00B91470), ref: 00B915EB
                                                                            • IsWindow.USER32(00000000), ref: 00B915EE
                                                                            • SendMessageA.USER32(00000000,00000441,00000060,?), ref: 00B91601
                                                                            • IsWindow.USER32 ref: 00B9160C
                                                                            • SendMessageA.USER32(00000000,00000440,00000060,?), ref: 00B9161F
                                                                            • IsWindow.USER32(00000000), ref: 00B91622
                                                                            • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00B91632
                                                                            • IsWindow.USER32(00000000), ref: 00B91635
                                                                            • SendMessageA.USER32(00000000,00000434,00000001,00000000), ref: 00B91645
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$CaptureCreateDescriptionDestroyDriverMovememset
                                                                            • String ID: My Own Capture Window
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Color$Rect$BrushCreateDeleteObjectSolidText$Fill$DrawFocusFrameModewcslen
                                                                            • String ID:
                                                                            APIs
                                                                            • cvInitSystem.HIGHGUI099(00000000,00000000), ref: 00B968EC
                                                                              • Part of subcall function 00B96810: LoadIconA.USER32 ref: 00B9685D
                                                                              • Part of subcall function 00B96810: LoadCursorA.USER32(00000000,00007F03), ref: 00B9686D
                                                                              • Part of subcall function 00B96810: GetStockObject.GDI32(00000002), ref: 00B9687F
                                                                              • Part of subcall function 00B96810: RegisterClassA.USER32(?), ref: 00B96890
                                                                              • Part of subcall function 00B96810: GetStockObject.GDI32(00000002), ref: 00B968A1
                                                                              • Part of subcall function 00B96810: RegisterClassA.USER32(?), ref: 00B968B4
                                                                            • cvError.CXCORE099(000000E5,cvNamedWindow,NULL name string,.\window_w32.cpp,00000173), ref: 00B96912
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ClassLoadObjectRegisterStock$CursorErrorIconInitSystem
                                                                            • String ID: .\window_w32.cpp$Frame window can not be created$HighGUI class$Inner function failed.$Main HighGUI class$NULL name string$cvNamedWindow
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Backgrounds$Dynamic$Eyebrow$Eyeglasses$Face$Face accessories$Hair$Hats$Objects$Static
                                                                            APIs
                                                                              • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 0041EAEF
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 0041EB03
                                                                            • LoadIconW.USER32(00000000,00000087), ref: 0041EB51
                                                                            • DrawIconEx.USER32(00000000,0000000A,0000000A,?,00000020,00000020,00000000,00000000,00000003), ref: 0041EB75
                                                                            • DeleteObject.GDI32(?), ref: 0041EB7F
                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 0041EBB2
                                                                            • GetTextColor.GDI32(00000000), ref: 0041EBC1
                                                                            • SetTextColor.GDI32(00000000,00000000), ref: 0041EBD2
                                                                            • memset.MSVCR80 ref: 0041EC7C
                                                                              • Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0041ECBC
                                                                            • memset.MSVCR80 ref: 0041ECE8
                                                                            • memset.MSVCR80 ref: 0041ED12
                                                                            • memset.MSVCR80 ref: 0041ED3C
                                                                            • wcslen.MSVCR80 ref: 0041EDE0
                                                                            • DrawTextW.USER32(00000000,?,00000000), ref: 0041EE04
                                                                            • SelectObject.GDI32(00000000,?), ref: 0041EE1C
                                                                            Strings
                                                                            • Please confirm that ManyCam has permission to add this codec to your computer., xrefs: 0041ECF5
                                                                            • Verdana, xrefs: 0041EC42
                                                                            • For more information please visit , xrefs: 0041ED1F
                                                                            • To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer., xrefs: 0041ECCD
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: memset$ColorObjectText$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
                                                                            • String ID: For more information please visit $Please confirm that ManyCam has permission to add this codec to your computer.$To run ManyCam's dynamic background effects it is necessary to have the Indeo(R) codec installed and registered on your computer.$Verdana
                                                                            APIs
                                                                            • cvError.CXCORE099(000000FB,cvCylDrawCylinder,Invalid parameter.,.\src\cylaux.cpp,0000009A), ref: 00402670
                                                                              • Part of subcall function 00405340: cvSet.CXCORE099(?,?,?,?,00000000,0040217B), ref: 0040535D
                                                                            • cvGEMM.CXCORE099(?,?), ref: 004021A7
                                                                            • _CIcos.MSVCR80 ref: 004021DD
                                                                            • _CIsin.MSVCR80 ref: 004021EA
                                                                            • cvGEMM.CXCORE099(?,?), ref: 0040225F
                                                                            • cvGEMM.CXCORE099(?,?), ref: 004022C4
                                                                            • cvGEMM.CXCORE099(?,?), ref: 00402325
                                                                            • _CIsqrt.MSVCR80 ref: 004023DC
                                                                            • _CIsqrt.MSVCR80 ref: 004023F7
                                                                            • _CIacos.MSVCR80 ref: 00402431
                                                                            • cvSet2D.CXCORE099(?,?,?), ref: 00402488
                                                                            • _CIcos.MSVCR80 ref: 004024E9
                                                                            • _CIsin.MSVCR80 ref: 00402517
                                                                            • cvGEMM.CXCORE099(?,?), ref: 00402559
                                                                            • cvGEMM.CXCORE099(?,?), ref: 004025DA
                                                                            • cvLine.CXCORE099(?,?,?,?,?), ref: 0040264C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: IcosIsinIsqrt$ErrorIacosLineSet2
                                                                            • String ID: .\src\cylaux.cpp$Invalid parameter.$cvCylDrawCylinder
                                                                            APIs
                                                                            • cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to tracker context.,.\src\cyltracker.cpp,00000223,?,?,?), ref: 004018F9
                                                                            • cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to head config structure.,.\src\cyltracker.cpp,00000226,?,?,?), ref: 00401925
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Error
                                                                            • String ID: .\src\cyltracker.cpp$Null pointer to head config structure.$Null pointer to tracker context.$cvCylGetModelPosition
                                                                            APIs
                                                                              • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 0041F03F
                                                                            • FillRect.USER32(00000000,000000FF,00000000), ref: 0041F053
                                                                            • LoadIconW.USER32(00000000,00000087), ref: 0041F0A1
                                                                            • DrawIconEx.USER32(00000000,0000000A,0000000A,00529873,0000000A,0000000A,00000000,00000000,00000003), ref: 0041F0D3
                                                                            • DeleteObject.GDI32(00529873), ref: 0041F0DD
                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 0041F110
                                                                            • GetTextColor.GDI32(00000000), ref: 0041F11F
                                                                            • SetTextColor.GDI32(00000000,00000000), ref: 0041F130
                                                                            • memset.MSVCR80 ref: 0041F1DA
                                                                              • Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 0041F21A
                                                                            • memset.MSVCR80 ref: 0041F293
                                                                            • memset.MSVCR80 ref: 0041F2BA
                                                                            • wcslen.MSVCR80 ref: 0041F35E
                                                                            • DrawTextW.USER32(00000000,?,00000000), ref: 0041F385
                                                                            • SelectObject.GDI32(00000000,?), ref: 0041F39D
                                                                            Strings
                                                                            • This feature requires a special video codec to function properly. Unfortunately, xrefs: 0041F22B
                                                                            • Verdana, xrefs: 0041F1A0
                                                                            • visit the ManyCam website help page , xrefs: 0041F2A0
                                                                            • this codec doesn, xrefs: 0041F27B
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ColorObjectTextmemset$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
                                                                            • String ID: This feature requires a special video codec to function properly. Unfortunately$Verdana$this codec doesn$visit the ManyCam website help page
                                                                            • API String ID: 923866622-1098169901
                                                                            • Opcode ID: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
                                                                            • Instruction ID: 6f95be4a3cc1c25362b5af6b12462e5a34df96a0e09e544e1f1783aa57f49324
                                                                            • Opcode Fuzzy Hash: 3f31620da8421e62cd21c6cfa0caa7031ff0a88d6dc715023633d5f283328bfa
                                                                            • Instruction Fuzzy Hash: 83D1F7B0D002189FDB14DF99DC54BDEBBB8BF58304F1081AAE509AB391DB746A89CF54
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2030
                                                                            • GetTickCount.KERNEL32 ref: 004D2076
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D20A0
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D212D
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D21FB
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D228A
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D22EE
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2358
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D23CB
                                                                            • GetTickCount.KERNEL32 ref: 004D23FB
                                                                            • IsWindow.USER32(?), ref: 004D243D
                                                                            • PostMessageW.USER32(?,00008190,000000FF,FFFFFFFF), ref: 004D245E
                                                                            • SendMessageW.USER32(00000000,00008194,00000000,?), ref: 004D249E
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24B5
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24E2
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            • CPlayList::ActivateItem (%s) pos=%d reset=%d, xrefs: 004D1F6A
                                                                            • Couldn't activate item., xrefs: 004D221C
                                                                            • fUS, xrefs: 004D2447
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$CountMessageTickclock$AllocatorDebugHeapPostSendWindow
                                                                            • String ID: CPlayList::ActivateItem (%s) pos=%d reset=%d$Couldn't activate item.$fUS
                                                                            • API String ID: 2714024287-817954826
                                                                            • Opcode ID: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
                                                                            • Instruction ID: cd11fd919a321e88f285589761f8251e1514877f7c039c8d1d7105039d16572d
                                                                            • Opcode Fuzzy Hash: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
                                                                            • Instruction Fuzzy Hash: FA027970A00218DFDB14DBA4CD61BEEBBB1AF55308F14819EE5096B382CB746E89CF55
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C878C
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C879B
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87D2
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87E1
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            • CManyCamModel::UpdateGraphTopologyOnSourceChange, xrefs: 004C8755
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$clock$AllocatorDebugHeap
                                                                            • String ID: CManyCamModel::UpdateGraphTopologyOnSourceChange
                                                                            • API String ID: 952932671-1321120180
                                                                            • Opcode ID: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                            • Instruction ID: 10940e179f8bca40d99c735d3df1e6ff842ee16e2e5db1de052c77a05b9f2183
                                                                            • Opcode Fuzzy Hash: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                            • Instruction Fuzzy Hash: 5BE13E70D04248DECB04EFA5D961BEEBBB0AF15308F10815FF4166B282EF785A45DB99
                                                                            APIs
                                                                              • Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
                                                                              • Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774
                                                                            • StringFromGUID2.OLE32()K,?,00000040,)K,0056F910,)K,00574DDC), ref: 004B2C30
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: FromStringfflushfwprintf
                                                                            • String ID: Bit count = %d$Format type = %s$Format type = FORMAT_VideoInfo$Format type = GUID_NULL$Frame size = %dx%d$Major type = %s$Major type = GUID_NULL$Major type = MEDIATYPE_Video$Mediatype info:$Subtype = %s$Subtype = GUID_NULL$Subtype = MEDIASUBTYPE_RGB24$Subtype = MEDIASUBTYPE_RGB32$vids$)K
                                                                            • API String ID: 2684700382-3987823964
                                                                            • Opcode ID: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                            • Instruction ID: 0a30e523ff0296b33be7bff9fb0a9039800934aade4f4bd872009a2dad4e24fd
                                                                            • Opcode Fuzzy Hash: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                            • Instruction Fuzzy Hash: A951C870E5420867DB10AF19DC57EDE3B34BF44705F00841AB908A6283EFB4EA59D7BA
                                                                            APIs
                                                                              • Part of subcall function 00B94A80: GetWindowLongA.USER32(?,000000EB), ref: 00B94A83
                                                                            • DefWindowProcA.USER32(?,?,?,?), ref: 00B960B6
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$LongProc
                                                                            • String ID:
                                                                            • API String ID: 2275667008-0
                                                                            • Opcode ID: 44f14b74e0578ae6fe68c301a41bae6ff7f960ce3d9901b2b80d022c868bad66
                                                                            • Instruction ID: db2e0c6da9f3953046750d2bfd243113ad3efe1afa1f74bc6c692cb5e801f837
                                                                            • Opcode Fuzzy Hash: 44f14b74e0578ae6fe68c301a41bae6ff7f960ce3d9901b2b80d022c868bad66
                                                                            • Instruction Fuzzy Hash: 29716CB5204201AFD714DB64DD84E6BFBE8FB88714F004A1DF98593250DB75ED05CBA1
                                                                            APIs
                                                                              • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
                                                                              • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
                                                                              • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,0040120F), ref: 00402C98
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,0040120F), ref: 00402CB4
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,0040120F), ref: 00402CD0
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402CEC
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402D08
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D24
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D40
                                                                            • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D5C
                                                                            • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D78
                                                                            • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402D94
                                                                            • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DB0
                                                                            • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DCC
                                                                            • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DE8
                                                                            • cvCreateMat.CXCORE099(00000003,00000001,00000005), ref: 00402E04
                                                                            • cvCreateMat.CXCORE099(00000006,00000006,00000005), ref: 00402E20
                                                                            • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E38
                                                                            • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E50
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402E68
                                                                            • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E80
                                                                            • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E98
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Create$Image
                                                                            • String ID:
                                                                            • API String ID: 1237808576-0
                                                                            • Opcode ID: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                            • Instruction ID: 61334a59a6328505146fa154266dd27d5a2e39e93b606410563eabcbac9550f4
                                                                            • Opcode Fuzzy Hash: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                            • Instruction Fuzzy Hash: 225106B0A81B027AF67057719E0BB9326912B26B01F050539BB4DB83C6FBF59521CA99
                                                                            Strings
                                                                            • Moniker is NULL., xrefs: 004B89FF
                                                                            • Failed to create the graph with hr=%X, xrefs: 004B8C85
                                                                            • Creating the graph for camera %s, xrefs: 004B8C3E
                                                                            • Error: camera name is empty., xrefs: 004B89BB
                                                                            • CManyCamGraphMgr::AddCameraInput, xrefs: 004B8995
                                                                            • Desired frame size is invalid., xrefs: 004B8A49
                                                                            • Such camera is already in the list: %s, xrefs: 004B8AC7
                                                                            • Graph creation failed with hr=%X, xrefs: 004B8E3F
                                                                            • Creating new entry for camera %s, xrefs: 004B8D86
                                                                            • Destroy the graph for camera %s, xrefs: 004B8B94
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                            • String ID: CManyCamGraphMgr::AddCameraInput$Creating new entry for camera %s$Creating the graph for camera %s$Desired frame size is invalid.$Destroy the graph for camera %s$Error: camera name is empty.$Failed to create the graph with hr=%X$Graph creation failed with hr=%X$Moniker is NULL.$Such camera is already in the list: %s
                                                                            • API String ID: 2739697835-1067953073
                                                                            • Opcode ID: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                            • Instruction ID: 0c2db78db8441f90a5655b608386306daf3177cd87543fca05d57ae7838a8fe2
                                                                            • Opcode Fuzzy Hash: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                            • Instruction Fuzzy Hash: F5024C70900208EFDB14EF95CC92BEEBBB5BF54304F10415EE5066B2D2DB786A45CBA9
                                                                            APIs
                                                                              • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
                                                                              • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
                                                                              • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
                                                                              • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
                                                                              • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
                                                                              • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326
                                                                            • cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
                                                                            • cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
                                                                            • cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
                                                                            • cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
                                                                            • cvReleaseMat.CXCORE099(00000124), ref: 00402F21
                                                                            • cvReleaseMat.CXCORE099(00000128), ref: 00402F33
                                                                            • cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
                                                                            • cvReleaseMat.CXCORE099(00000130), ref: 00402F57
                                                                            • cvReleaseMat.CXCORE099(00000134), ref: 00402F69
                                                                            • cvReleaseMat.CXCORE099(00000100), ref: 00402F77
                                                                            • cvReleaseMat.CXCORE099(00000104), ref: 00402F89
                                                                            • cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
                                                                            • cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
                                                                            • cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
                                                                            • cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
                                                                            • cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
                                                                            • cvReleaseMat.CXCORE099(00000140), ref: 00402FF5
                                                                            • cvReleaseMat.CXCORE099(00000144), ref: 00403007
                                                                            • cvReleaseMat.CXCORE099(00000148), ref: 00403019
                                                                            • cvReleaseMat.CXCORE099(0000014C), ref: 0040302C
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Release$Image
                                                                            • String ID:
                                                                            • API String ID: 1442443227-0
                                                                            • Opcode ID: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
                                                                            • Instruction ID: e9e9c9bdbcc23bd9ce4fc92c64f6ef92138ef717c9158f18fb2c09d524048864
                                                                            • Opcode Fuzzy Hash: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
                                                                            • Instruction Fuzzy Hash: 3A415AB1C01B11ABDA70DB60D94EB97B6EC7F01300F44493E914B929D0EB79F658CAA3
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • CoCreateInstance.OLE32(0056F320,00000000,00000001,00571B10,00000000,?,00000000,?,?,A7504B2B), ref: 004AF229
                                                                              • Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
                                                                              • Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774
                                                                            • CoCreateInstance.OLE32(0056F2E0,00000000,00000001,00571B40,00000000,00000000,00000000,?,?,A7504B2B), ref: 004AF297
                                                                            Strings
                                                                            • Failed with hr = %X., xrefs: 004AF37E
                                                                            • Getting IMediaControlInterface., xrefs: 004AF333
                                                                            • Getting IMediaSeeking Interface., xrefs: 004AF3A9
                                                                            • Failed with hr = %X., xrefs: 004AF308
                                                                            • Init cap graph builder., xrefs: 004AF2C1
                                                                            • Getting IMediaEventEx interface., xrefs: 004AF41F
                                                                            • Failed with hr = %X., xrefs: 004AF3F4
                                                                            • Failed with hr = %X., xrefs: 004AF46A
                                                                            • Creating an instance of IGraphBuilder., xrefs: 004AF1FD
                                                                            • Creating cature graph builder., xrefs: 004AF26B
                                                                            • Failed with hr = %X., xrefs: 004AF23C
                                                                            • Getting IMediaFilter interface., xrefs: 004AF492
                                                                            • Failed with hr = %X., xrefs: 004AF2AA
                                                                            • CGraphMgr::InitInternalInterfaces, xrefs: 004AF1C8
                                                                            • Failed with hr = %X., xrefs: 004AF4DD
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: CreateInstance$AllocatorDebugHeapclockfflushfwprintf
                                                                            • String ID: CGraphMgr::InitInternalInterfaces$Creating an instance of IGraphBuilder.$Creating cature graph builder.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Getting IMediaControlInterface.$Getting IMediaEventEx interface.$Getting IMediaFilter interface.$Getting IMediaSeeking Interface.$Init cap graph builder.
                                                                            • API String ID: 3340919952-3253057602
                                                                            • Opcode ID: 9b086fe0cb3031e3bc22e440be552398c93d060f0653d1dd36aa5157d34c403a
                                                                            • Instruction ID: 91a63dad0f67e3e0232ba0b1807ee47d54ee56e4fdf06e0acade68bce617adf4
                                                                            • Opcode Fuzzy Hash: 9b086fe0cb3031e3bc22e440be552398c93d060f0653d1dd36aa5157d34c403a
                                                                            • Instruction Fuzzy Hash: 10A18270E402099BDB04EBD9DC62BBE77B0BF99719F10402EF80677282DB796905C769
                                                                            APIs
                                                                            • cvGetMat.CXCORE099(?,?,00000000,00000000), ref: 00B92C6F
                                                                            • cvGetErrStatus.CXCORE099 ref: 00B92C79
                                                                            • cvError.CXCORE099(000000FF,cvSaveImage,Inner function failed.,.\loadsave.cpp,000001C4), ref: 00B92C98
                                                                            • cvError.CXCORE099(000000F1,cvSaveImage,00BDD488,.\loadsave.cpp,000001CB), ref: 00B92CEB
                                                                            • cvError.CXCORE099(000000FE,cvSaveImage,could not save the image,.\loadsave.cpp,000001D9), ref: 00B92D1C
                                                                            • cvFlip.CXCORE099(?,?,00000000), ref: 00B92D44
                                                                            • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,00B92287,?,?), ref: 00B92D4E
                                                                            • cvFlip.CXCORE099(00000000,00000000,00000000), ref: 00B92D6D
                                                                            • cvGetErrStatus.CXCORE099(?,?,?), ref: 00B92D75
                                                                            • cvError.CXCORE099(000000E5,cvSaveImage,null filename,.\loadsave.cpp,000001C2), ref: 00B92DEA
                                                                            • cvGetErrStatus.CXCORE099 ref: 00B92DF2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorStatus$Flip
                                                                            • String ID: .\loadsave.cpp$Inner function failed.$could not find a filter for the specified extension$could not save the image$cvSaveImage$null filename
                                                                            • API String ID: 2640733558-2883540358
                                                                            • Opcode ID: 4c5e0771d07e20323fbdc083f66435f272a4439b9e604bd6e80e63cd0c9c9bed
                                                                            • Instruction ID: bb5bd88270fc64c14f95fc2dc916111891dfa52a60ddc3ed75485787b08364a1
                                                                            • Opcode Fuzzy Hash: 4c5e0771d07e20323fbdc083f66435f272a4439b9e604bd6e80e63cd0c9c9bed
                                                                            • Instruction Fuzzy Hash: 6B415571E803107BDE24AB188C52F6EB7D9DF98B50F1441FAFC55673D2E2B1E84486A2
                                                                            APIs
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004A8F0A
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                              • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                            • wcscmp.MSVCR80 ref: 004A8F3A
                                                                            • wcscmp.MSVCR80 ref: 004A8F53
                                                                            • wcscmp.MSVCR80 ref: 004A8F80
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004A92EC
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004A9304
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004A9324
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$wcscmp$FileFindFirst
                                                                            • String ID: InternalProperties
                                                                            • API String ID: 1222566788-1350816593
                                                                            • Opcode ID: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
                                                                            • Instruction ID: d461dac8b76a5e630202117bde1037354cd356562fc5738dbdf76f67a61ac83d
                                                                            • Opcode Fuzzy Hash: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
                                                                            • Instruction Fuzzy Hash: 30F13AB49001199FDB14DF54CC94BAEB7B5BF55304F1085DAEA0AA7381DB34AE88CF68
                                                                            APIs
                                                                            • cvError.CXCORE099(000000FB,cvCylCreateTrackerContext,Invalid frame size.,.\src\cyltracker.cpp,00000064), ref: 004012DF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Error
                                                                            • String ID: .\src\cyltracker.cpp$Insufficient memory for initializing tracker$Insufficient memory.$Invalid frame size.$Invalid method.$Invalid model type.$Invalid pyramid type.$cvCylCreateTrackerContext
                                                                            • API String ID: 2619118453-4185331338
                                                                            • Opcode ID: 159e2c39b6469685c728ac88f41f5128306c1347d163a9cc52779d86d74ae199
                                                                            • Instruction ID: 99194e5ea39f0bab6f8ac41c15566c549df518491d95b6df1d49c7cd51309a21
                                                                            • Opcode Fuzzy Hash: 159e2c39b6469685c728ac88f41f5128306c1347d163a9cc52779d86d74ae199
                                                                            • Instruction Fuzzy Hash: 6F51F5B6B4031157DB149E58AC82BA67790BB85710F0881BEFE0CBF3D2E6759904C7A6
                                                                            APIs
                                                                            • cvCreateMat.CXCORE099(?,?,?), ref: 00B92AD3
                                                                            • cvGetErrStatus.CXCORE099 ref: 00B92ADF
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,?), ref: 00B92AF4
                                                                            • cvGetErrStatus.CXCORE099 ref: 00B92B00
                                                                            • cvError.CXCORE099(000000FF,cvLoadImage,Inner function failed.,.\loadsave.cpp,00000189), ref: 00B92B1F
                                                                            • cvGetMat.CXCORE099(?,?,00000000,00000000), ref: 00B92B37
                                                                            • cvReleaseMat.CXCORE099(?), ref: 00B92B6A
                                                                            • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,00B92BFF,00000000,00B92123,?,?), ref: 00B92B7D
                                                                            • cvReleaseMat.CXCORE099 ref: 00B92B93
                                                                            • cvReleaseImage.CXCORE099(?), ref: 00B92BB2
                                                                            • cvError.CXCORE099(000000E5,cvLoadImage,null filename,.\loadsave.cpp,00000174,?,?,?,?,?,?,?,00B92BFF,00000000,00B92123,?), ref: 00B92BCF
                                                                            • cvReleaseImage.CXCORE099(?), ref: 00B92BDE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Release$ImageStatus$CreateError
                                                                            • String ID: .\loadsave.cpp$Inner function failed.$cvLoadImage$null filename
                                                                            • API String ID: 3787916741-4128775367
                                                                            • Opcode ID: 634642ce48e0209415a6f409255ebfd79e817705e24d1733f8db888929997c05
                                                                            • Instruction ID: 4fd236d01a7ddc29cb1e2944016642a8a080f688506ec4265cf43fdbf0a7b267
                                                                            • Opcode Fuzzy Hash: 634642ce48e0209415a6f409255ebfd79e817705e24d1733f8db888929997c05
                                                                            • Instruction Fuzzy Hash: 6D41C2B19043007BDF20EF25CC42F6AB7D59F94710F1889F9F49947292E735E9098792
                                                                            APIs
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                              • Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184
                                                                            • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00473611
                                                                              • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                            • swscanf.MSVCR80 ref: 00473710
                                                                            • swscanf.MSVCR80 ref: 0047372B
                                                                            • swscanf.MSVCR80 ref: 00473746
                                                                            Strings
                                                                            • Error parsing color field: wrong number of symbols after '#', xrefs: 00473689
                                                                            • rgb(, xrefs: 0047378C
                                                                            • Unspecified error., xrefs: 004735EB
                                                                            • Error parsing color field: one of color components is not specified, xrefs: 00473891
                                                                            • Success., xrefs: 00473A16
                                                                            • Error parsing color field: unexpected symbols '%s'., xrefs: 004739E1
                                                                            • Error parsing color field: one of color components is not specified, xrefs: 0047392B
                                                                            • Error parsing color field: one of color components is not specified, xrefs: 00473803
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeapswscanf$Base::Concurrency::details::ContextIdentityQueueWork
                                                                            • String ID: Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: unexpected symbols '%s'.$Error parsing color field: wrong number of symbols after '#'$Success.$Unspecified error.$rgb(
                                                                            • API String ID: 1122337173-231897244
                                                                            • Opcode ID: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
                                                                            • Instruction ID: 514317ef524717ef2c7c16df4d54ca1b957cd51d0b51933f763c983e9b3e5875
                                                                            • Opcode Fuzzy Hash: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
                                                                            • Instruction Fuzzy Hash: 64D16F71901208EEDB04EBA5DC56BEEBB74AF10304F50816EF41AA72D1DB786B48CB95
                                                                            APIs
                                                                            Strings
                                                                            • Invalid cHRM green point specified, xrefs: 00BC03FF
                                                                            • Invalid cHRM white point specified, xrefs: 00BC042B
                                                                            • white_x=%f, white_y=%f, xrefs: 00BC0452
                                                                            • Invalid cHRM blue point specified, xrefs: 00BC03E9
                                                                            • Invalid cHRM red point specified, xrefs: 00BC0415
                                                                            • cHRM, xrefs: 00BC03D3
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _ftol$fprintf
                                                                            • String ID: Invalid cHRM blue point specified$Invalid cHRM green point specified$Invalid cHRM red point specified$Invalid cHRM white point specified$cHRM$white_x=%f, white_y=%f
                                                                            • API String ID: 3291409459-3520686153
                                                                            • Opcode ID: 9e220e80cd3a152a743ebf6b958aa87b44018f042b26d66631b970bf85d37787
                                                                            • Instruction ID: ef0e694ddc1fc45a01d09d85eaf00abe3a3232ef785e71385f36c5b170620622
                                                                            • Opcode Fuzzy Hash: 9e220e80cd3a152a743ebf6b958aa87b44018f042b26d66631b970bf85d37787
                                                                            • Instruction Fuzzy Hash: 88717CB140465AE3EB04BB40EE2DAABBBF8FFC9780F040A99F1D511165EFB5D4958702
                                                                            APIs
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E39
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E7D
                                                                            • cvCvtColor.CV099(?,?,00000006,?,?,00000008,00000001), ref: 00401E8E
                                                                            • cvResize.CV099(?,?,00000001), ref: 00401EA2
                                                                            • cvEqualizeHist.CV099(?,?), ref: 00401EB0
                                                                            • cvClearMemStorage.CXCORE099(?,?,?), ref: 00401EB6
                                                                            • cvHaarDetectObjects.CV099(?,?,?,0000001E,0000001E), ref: 00401EDE
                                                                            • cvReleaseImage.CXCORE099(?), ref: 00401EED
                                                                            • cvReleaseImage.CXCORE099(?), ref: 00401EFA
                                                                            • cvGetSeqElem.CXCORE099(00000000,00000000), ref: 00401F0F
                                                                            • cvClearSeq.CXCORE099(00000000), ref: 00401FC9
                                                                            • cvError.CXCORE099(000000FE,auxDetectFace,Invalid input data,.\src\cylaux.cpp,0000002C), ref: 00401FF0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image$ClearCreateRelease$ColorDetectElemEqualizeErrorHaarHistObjectsResizeStorage
                                                                            • String ID: .\src\cylaux.cpp$Invalid input data$auxDetectFace
                                                                            • API String ID: 2437743724-1894629017
                                                                            • Opcode ID: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
                                                                            • Instruction ID: ac98781828b75c9019f3c1cd100c5520617b492f8a1ed74b89b13fa435fe6163
                                                                            • Opcode Fuzzy Hash: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
                                                                            • Instruction Fuzzy Hash: 0951B170608710ABD300AF14E84AA2BBBE4FFC8714F054E58F489672A5DA31D974CB56
                                                                            APIs
                                                                            • cvError.CXCORE099(000000E5,cvShowImage,NULL name,.\window_w32.cpp,0000026B), ref: 00B951BF
                                                                            • cvGetMat.CXCORE099(?,?,00000000,00000000), ref: 00B95211
                                                                            • cvGetErrStatus.CXCORE099 ref: 00B9521F
                                                                            • cvError.CXCORE099(000000FF,cvShowImage,Inner function failed.,.\window_w32.cpp,00000274), ref: 00B9523E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Error$Status
                                                                            • String ID: .\window_w32.cpp$Inner function failed.$NULL name$cvShowImage
                                                                            • API String ID: 483703942-1490608787
                                                                            • Opcode ID: ba539ed09172e7520002fe2abba57de94d8b08ac515c272f822029af0a9c36ac
                                                                            • Instruction ID: 4ce69bc61eb7b2099568027050c7495b4d021fee2d497e247b0fa058542f73d8
                                                                            • Opcode Fuzzy Hash: ba539ed09172e7520002fe2abba57de94d8b08ac515c272f822029af0a9c36ac
                                                                            • Instruction Fuzzy Hash: B851B3B2648300AFDB20DF64DC81F5BB7E8EBD8704F04496DF58997291E770E9058BA6
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0050665D
                                                                            • GetFileSize.KERNEL32(000000FF,00000000), ref: 0050669D
                                                                            • CloseHandle.KERNEL32(000000FF), ref: 005066AE
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                            Strings
                                                                            • You have selected a file with the size larger than 3Mb., xrefs: 005066B4
                                                                            • You have selected an image with the dimension larger than 3000x2000., xrefs: 0050676F
                                                                            • The Resource File is corrupted. Please select another., xrefs: 00506718
                                                                            • The Resource File is corrupted. Please select another., xrefs: 0050666C
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: File$AllocatorCloseCreateDebugHandleHeapSize
                                                                            • String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                            • API String ID: 1278540365-1045440647
                                                                            • Opcode ID: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                            • Instruction ID: bf2e516d7632956263a6d0b7edc6ab055445a249ca0629827ad9313cad8a857e
                                                                            • Opcode Fuzzy Hash: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                            • Instruction Fuzzy Hash: 3D513C70900259ABDB25EF14DC55BEDBBB0FF45704F1085AAF819AB2D0CB75AE84CB80
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00513ECD
                                                                            • GetFileSize.KERNEL32(000000FF,00000000), ref: 00513F0D
                                                                            • CloseHandle.KERNEL32(000000FF), ref: 00513F1E
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                            Strings
                                                                            • You have selected a file with the size larger than 3Mb., xrefs: 00513F24
                                                                            • The Resource File is corrupted. Please select another., xrefs: 00513F88
                                                                            • You have selected an image with the dimension larger than 3000x2000., xrefs: 00513FDF
                                                                            • The Resource File is corrupted. Please select another., xrefs: 00513EDC
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: File$AllocatorCloseCreateDebugHandleHeapSize
                                                                            • String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                            • API String ID: 1278540365-1045440647
                                                                            • Opcode ID: 31dae65b8d5032fe5dc687f767acb6db0229cd793d994c6b1de10459a5ee8fd9
                                                                            • Instruction ID: 23f2238794eb66d98ba3da9ec40f43027c5041e0f5ff9c1f0f1834951436c019
                                                                            • Opcode Fuzzy Hash: 31dae65b8d5032fe5dc687f767acb6db0229cd793d994c6b1de10459a5ee8fd9
                                                                            • Instruction Fuzzy Hash: 27511970900259AFEB15EF14DC55BEDBB70BB45344F10859AE815AB2D0CB74AF84DF80
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • ??2@YAPAXI@Z.MSVCR80(000001F8,00000000,?,?,?,?,?,?,?,?,?,A7504B2B), ref: 004E56C0
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004E56E8
                                                                              • Part of subcall function 004D7750: _DebugHeapAllocator.LIBCPMTD ref: 004D7791
                                                                              • Part of subcall function 00418CB0: EnterCriticalSection.KERNEL32(xJ,00000001,?,004A78E3,?,004A7688,00000001,A7504B2B,?,?,00000000,005372A8,000000FF,?,004602DC), ref: 00418CBB
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E5761
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E57BA
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004E57A0
                                                                              • Part of subcall function 00418D00: LeaveCriticalSection.KERNEL32(00000001,00000000,?,00418CE9,00000001,?,00418C7A,00417F19,?,00522EAF,?,005A2ECC,005A2ECC,?,00417F19), ref: 00418D0B
                                                                            Strings
                                                                            • Changing source to type=%d, name=%s, xrefs: 004E5615
                                                                            • SetVideoSource completed with bStatus = %d., xrefs: 004E5A61
                                                                            • CVideoLayer::SetVideoSource (%s), xrefs: 004E55B2
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Concurrency::cancellation_token_source::~cancellation_token_sourceCriticalSection$??2@EnterLeaveclock
                                                                            • String ID: CVideoLayer::SetVideoSource (%s)$Changing source to type=%d, name=%s$SetVideoSource completed with bStatus = %d.
                                                                            • API String ID: 940658134-2688229957
                                                                            • Opcode ID: ed1a128956794bde5e5230a4d138cfadb2c5c7bc89fd5ac7b4d3999619687d38
                                                                            • Instruction ID: dba240629de62da63940887bf9cd1e5b9116a74bbdd400ead28e10356bf54a65
                                                                            • Opcode Fuzzy Hash: ed1a128956794bde5e5230a4d138cfadb2c5c7bc89fd5ac7b4d3999619687d38
                                                                            • Instruction Fuzzy Hash: 0EF12B70E00248DFDB04DF95C8A1BEEB7B5AF48308F24816EE4196B392DB796D41CB95
                                                                            APIs
                                                                              • Part of subcall function 0040FA80: List.LIBCMTD ref: 0040FA8A
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0040C2DC
                                                                              • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                            • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 0040C305
                                                                              • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0040C35E
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0040C371
                                                                              • Part of subcall function 004DAFB0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004DB014
                                                                            • _snwprintf.MSVCR80 ref: 0040C591
                                                                            • wcslen.MSVCR80 ref: 0040C59E
                                                                            • wcscpy.MSVCR80 ref: 0040C5CE
                                                                            • wcslen.MSVCR80 ref: 0040C5DB
                                                                              • Part of subcall function 0040F760: _invalid_parameter_noinfo.MSVCR80(00000000,?,00409D5D,?,?,00000000,?,?,?,mce,?,?,?,?,?,?), ref: 0040F774
                                                                            • wcscat.MSVCR80 ref: 0040C633
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Base::Concurrency::details::$PolicySchedulerwcslen$ContextIdentityListQueueWork_invalid_parameter_noinfo_snwprintfwcscatwcscpy
                                                                            • String ID: %s files (%s)$*.%s$*.%s$;*.%s$;*.%s
                                                                            • API String ID: 3673500439-2222090975
                                                                            • Opcode ID: 410b57a6a7f9a888242e909b12c55668fef034fc55ece74735e624549ad644eb
                                                                            • Instruction ID: 0f1205feb10db953e557daecc0f66cfc6334ceda2ae244769a0a321528e6ad92
                                                                            • Opcode Fuzzy Hash: 410b57a6a7f9a888242e909b12c55668fef034fc55ece74735e624549ad644eb
                                                                            • Instruction Fuzzy Hash: 7BC12F71D00208DBDB14EBA5E892BEEB775AF54308F10417EF116B72D1DB385A48CB99
                                                                            APIs
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                              • Part of subcall function 00472C60: _wfopen_s.MSVCR80 ref: 00472CBE
                                                                              • Part of subcall function 00472C60: fclose.MSVCR80 ref: 00472CDF
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                              • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047314B
                                                                              • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047316D
                                                                            • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Image@@Load@_wfopen_sfclose
                                                                            • String ID: 8S$P$\class.xml$data\images\$icon$icon_and_text$style$S
                                                                            • API String ID: 255584289-693003568
                                                                            • Opcode ID: 603b225bfe0989b9d3390ef585aae42c8b49bc1da2bbc25a9b3d303a95ec7668
                                                                            • Instruction ID: 810976337b1479ad00da3f975604671f65968c870661c51cbc195e462080606e
                                                                            • Opcode Fuzzy Hash: 603b225bfe0989b9d3390ef585aae42c8b49bc1da2bbc25a9b3d303a95ec7668
                                                                            • Instruction Fuzzy Hash: 4BD16EB0D012189BDB14DB95CD92BEDBBB4BF18304F10819EE14A77281DB746E85CF9A
                                                                            APIs
                                                                            • cvCvtColor.CV099(?,?,00000007), ref: 004016FA
                                                                            • cvGetImageROI.CXCORE099(?,?), ref: 0040170E
                                                                            • cvSobel.CV099(?,?,00000001,00000000,00000003,?,?), ref: 00401742
                                                                            • cvSobel.CV099(?,?,00000000,00000001,00000003), ref: 00401758
                                                                            • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 004017D9
                                                                            • cvCopy.CXCORE099(?,?,00000000), ref: 004017F1
                                                                            • cvError.CXCORE099(000000FB,cvCylTrackModel,Invalid input frame.,.\src\cyltracker.cpp,000001A0), ref: 00401886
                                                                            • cvSetImageROI.CXCORE099(?), ref: 004018B5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ImageSobel$ColorCopyError
                                                                            • String ID: .\src\cyltracker.cpp$Invalid input frame.$Null pointer to the tracker context.$cvCylTrackModel
                                                                            • API String ID: 3140367126-428952811
                                                                            • Opcode ID: 3ec082688a0413c58711cd9b83bdb17f3b228cbd943129101cc4b4c10cf63d8e
                                                                            • Instruction ID: 66ebd014f4a14a4e4a4a45a8ae43f3bc62eaeaf842471fa18c085293a8b48d64
                                                                            • Opcode Fuzzy Hash: 3ec082688a0413c58711cd9b83bdb17f3b228cbd943129101cc4b4c10cf63d8e
                                                                            • Instruction Fuzzy Hash: 5051A1B1B00601ABC608EB64DC86FA6F7A5BF89710F008229FA58573D1D774E924CBD6
                                                                            APIs
                                                                              • Part of subcall function 00B94A80: GetWindowLongA.USER32(?,000000EB), ref: 00B94A83
                                                                            • DefWindowProcA.USER32(?,?,?), ref: 00B96394
                                                                            • SetCapture.USER32 ref: 00B965F8
                                                                            • ReleaseCapture.USER32 ref: 00B96616
                                                                            • GetClientRect.USER32(?,?), ref: 00B9662E
                                                                            • DefWindowProcA.USER32(?,?,?), ref: 00B966B4
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CaptureProc$ClientLongRectRelease
                                                                            • String ID:
                                                                            • API String ID: 81580808-0
                                                                            • Opcode ID: f7c7ac7ecadc59b9c37d91d66d2000a400560e5ce704e074679cc101f44bff6f
                                                                            • Instruction ID: 307f802d2db86b9a777ac61f12f976e7a504b723aae1109b80eca2661e159216
                                                                            • Opcode Fuzzy Hash: f7c7ac7ecadc59b9c37d91d66d2000a400560e5ce704e074679cc101f44bff6f
                                                                            • Instruction Fuzzy Hash: 7AB1D2715083029FDB24CF64C898BAFBBE5EBC8304F11496EF98597251D774E845CB92
                                                                            APIs
                                                                            • Sleep.KERNEL32(000003E8,?,?,00000001,?,00BDC0CA,00000001,?,?,00BE3960,00000010,00BDC196,?), ref: 00BDBEFD
                                                                            • InterlockedCompareExchange.KERNEL32(00BED220,?,00000000), ref: 00BDBF06
                                                                            • _amsg_exit.MSVCR80 ref: 00BDBF24
                                                                            • _initterm_e.MSVCR80 ref: 00BDBF3F
                                                                            • _initterm.MSVCR80 ref: 00BDBF5B
                                                                            • InterlockedExchange.KERNEL32(00BED220,00000000), ref: 00BDBF70
                                                                            • Sleep.KERNEL32(000003E8,?,?,00000001,?,00BDC0CA,00000001,?,?,00BE3960,00000010,00BDC196,?), ref: 00BDBFC1
                                                                            • InterlockedCompareExchange.KERNEL32(00BED220,00000001,00000000), ref: 00BDBFCB
                                                                            • _amsg_exit.MSVCR80 ref: 00BDBFDD
                                                                            • _decode_pointer.MSVCR80(?,?,00000001,?,00BDC0CA,00000001,?,?,00BE3960,00000010,00BDC196,?), ref: 00BDBFF1
                                                                            • _decode_pointer.MSVCR80(?,00000001,?,00BDC0CA,00000001,?,?,00BE3960,00000010,00BDC196,?), ref: 00BDC000
                                                                            • _encoded_null.MSVCR80(00000001,?,00BDC0CA,00000001,?,?,00BE3960,00000010,00BDC196,?), ref: 00BDC012
                                                                            • _decode_pointer.MSVCR80(?,?,00BDC0CA,00000001,?,?,00BE3960,00000010,00BDC196,?), ref: 00BDC022
                                                                            • free.MSVCR80 ref: 00BDC02F
                                                                            • _encoded_null.MSVCR80(?,00BE3960,00000010,00BDC196,?), ref: 00BDC036
                                                                            • InterlockedExchange.KERNEL32(00BED220,00000000), ref: 00BDC053
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ExchangeInterlocked$_decode_pointer$CompareSleep_amsg_exit_encoded_null$_initterm_initterm_efree
                                                                            • String ID:
                                                                            • API String ID: 2174737765-0
                                                                            • Opcode ID: 771b923fa2d5699d359c5fe235b1fa28830183841917b08d1fb3a6a8507b2e84
                                                                            • Instruction ID: 789492e6c99a749125446639d112f27dfd02712bcb19e53928187c46863079de
                                                                            • Opcode Fuzzy Hash: 771b923fa2d5699d359c5fe235b1fa28830183841917b08d1fb3a6a8507b2e84
                                                                            • Instruction Fuzzy Hash: 19419931509246DFC620AF65EC94A2AFFE4EB48314F2104ABF6459B2A1FFB1D841DF91
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B84DB
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000030,?,?,?,?,?,?,?,A7504B2B), ref: 004B84E2
                                                                              • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                              • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            • Creating frame grabbing graph for file %s, xrefs: 004B856B
                                                                            • Destroying the graph., xrefs: 004B8725
                                                                            • AppModel pointer is NULL! Returning E_FAIL., xrefs: 004B8472
                                                                            • Setting current pos for the graph %s, xrefs: 004B8616
                                                                            • Failed creating graph with hr=%X; preparing to clean up., xrefs: 004B8697
                                                                            • Couldn't find the graph %s!, xrefs: 004B86E7
                                                                            • Creating frame grabbing graph for camera %s, xrefs: 004B84C0
                                                                            • Setting graph state %d, xrefs: 004B8655
                                                                            • CManyCamGraphMgr::CreateGraph, xrefs: 004B8448
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeapclock$??2@fflushfwprintf
                                                                            • String ID: AppModel pointer is NULL! Returning E_FAIL.$CManyCamGraphMgr::CreateGraph$Couldn't find the graph %s!$Creating frame grabbing graph for camera %s$Creating frame grabbing graph for file %s$Destroying the graph.$Failed creating graph with hr=%X; preparing to clean up.$Setting current pos for the graph %s$Setting graph state %d
                                                                            • API String ID: 1778695617-1153812090
                                                                            • Opcode ID: f1e7f66eff02cda7a9ed3db3bcb49d45f39b49662cdf193da7ba6901c3f1654f
                                                                            • Instruction ID: f3cb85e83180b36cfd0b303413b5ba2857901d6173e86f69feec068597868732
                                                                            • Opcode Fuzzy Hash: f1e7f66eff02cda7a9ed3db3bcb49d45f39b49662cdf193da7ba6901c3f1654f
                                                                            • Instruction Fuzzy Hash: FBC11B75D00209AFDB04DF99CC92BEEB7B4AF48308F14411EF5167B292DB786A05CB69
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00506312
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00506336
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00506352
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0050636E
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                            • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,A7504B2B), ref: 005063A1
                                                                            • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,A7504B2B), ref: 005063B5
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                              • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                              • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                            • memcpy.MSVCR80(?,?,?,A7504B2B), ref: 0050646C
                                                                            • ??3@YAXPAX@Z.MSVCR80(?,?,anonymous_type,?,?,mask_reader_ver,?,?,mask_type,?,?,?,?,A7504B2B), ref: 0050652C
                                                                            • ??3@YAXPAX@Z.MSVCR80(?,?,?,?,?,A7504B2B), ref: 0050653E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$??3@Image@@$memcpy
                                                                            • String ID: anonymous_type$mask_reader_ver$mask_type$properties
                                                                            • API String ID: 3418783136-1683271502
                                                                            APIs
                                                                            • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00020019,?), ref: 00B94CA7
                                                                            • RegCreateKeyExA.ADVAPI32(80000001,?,00000000,00000000,00000000,0004001F,00000000,?,00000000), ref: 00B94D0E
                                                                            • RegEnumKeyExA.ADVAPI32(?,?,?,?,?,?,00000000,?,?,00000000,00000000,00000000,?), ref: 00B94D4B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: CreateEnumOpen
                                                                            • String ID: Left$Top
                                                                            • API String ID: 1535768306-3873733008
                                                                            APIs
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(A7504B2B,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144AB
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(A7504B2B,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144B6
                                                                            • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,A7504B2B,000000FF,?,005125AA,?,?), ref: 00514559
                                                                            • ?IncreaseBpp@CxImage@@QAE_NK@Z.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,A7504B2B,000000FF,?,005125AA,?), ref: 00514563
                                                                            • ?AlphaCreate@CxImage@@QAE_NXZ.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,A7504B2B,000000FF,?,005125AA,?), ref: 0051456B
                                                                            • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,00000160,00000120,00000001,A7504B2B,000000FF,?,005125AA,?,?,?,00000000,?,?,?), ref: 005145B1
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 005145DC
                                                                            • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,A7504B2B,000000FF,?,005125AA,?), ref: 0051463E
                                                                            • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,A7504B2B,000000FF), ref: 00514651
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image@@$Resample@Save@V1@@$AllocatorAlphaBpp@Create@DebugHeapHeight@IncreaseWidth@
                                                                            • String ID: %s\%d.png$%s\%d.png$352x288$640x480
                                                                            • API String ID: 2860891125-2440275166
                                                                            APIs
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000000), ref: 00B9CAF6
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000000,00000000), ref: 00B9CB12
                                                                            • ??2@YAPAXI@Z.MSVCR80(?,00000000,00000000), ref: 00B9CB1F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ??2@
                                                                            • String ID: II*$r+b
                                                                            • API String ID: 1033339047-1110506143
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$_wfopen_sfclose
                                                                            • String ID: base_class$class$name$prop$val
                                                                            • API String ID: 1905607448-2961531382
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _setjmp3
                                                                            • String ID: 1.2.2$1.2.8$Application is running with png.c from libpng-%.20s$Application was compiled with png.h from libpng-%.20s$Incompatible libpng version in application and library$Unknown zlib error$zlib memory error$zlib version error
                                                                            • API String ID: 3837033383-2455210892
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                              • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                              • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                            • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$DateFormat
                                                                            • String ID: Created by: $Creation date: $Name: $www.manycam.com$www.manycam.com
                                                                            • API String ID: 393568584-1701023392
                                                                            APIs
                                                                              • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                            • GetParent.USER32 ref: 0040669A
                                                                            • GetWindow.USER32(?,00000004), ref: 004066AD
                                                                            • GetWindowRect.USER32(?,?), ref: 004066C0
                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                            • GetWindowRect.USER32(00000000,?), ref: 0040673B
                                                                            • GetParent.USER32(?), ref: 00406749
                                                                            • GetClientRect.USER32(?,?), ref: 0040675A
                                                                            • GetClientRect.USER32(00000000,?), ref: 00406768
                                                                            • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0040677C
                                                                            • SetWindowPos.USER32(A7504B2B,00000000,00000000,A7504B2B,000000FF,000000FF,00000015,?,?), ref: 00406826
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Rect$ClientLongParent$InfoParametersPointsSystem
                                                                            • String ID: *b@
                                                                            • API String ID: 2289592163-3951841937
                                                                            APIs
                                                                            • GetActiveWindow.USER32 ref: 00499D15
                                                                            • GetLastActivePopup.USER32(00000000), ref: 00499D31
                                                                            • SendMessageW.USER32(00000000,0000000D,00000104,?), ref: 00499D71
                                                                            • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00499DEB
                                                                            • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00499E0B
                                                                            • wcscat.MSVCR80 ref: 00499E61
                                                                            • GetPrivateProfileStringW.KERNEL32(DoNotAsk,00000000,00557E44,?,00000010,?), ref: 00499E9A
                                                                            • wcstoul.MSVCR80 ref: 00499EAF
                                                                            • MessageBeep.USER32(?), ref: 00499F1C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ActiveMessageName$BeepFileFullLastModulePathPopupPrivateProfileSendStringWindowwcscatwcstoul
                                                                            • String ID: %s%d$DoNotAsk$PPMessageBox.ini
                                                                            • API String ID: 3999366269-2647165371
                                                                            • Opcode ID: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
                                                                            • Instruction ID: 52c43eb377399d7600db362d3f6ba6012730098c3eeec84a0b2b3f1ac4b66590
                                                                            • Opcode Fuzzy Hash: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
                                                                            • Instruction Fuzzy Hash: D571697190022A9BEF34DB54CD85BEAB7B8FB48305F0005EAE509A76D0DB742E84DF54
                                                                            APIs
                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004F7A47
                                                                            • wcscat.MSVCR80 ref: 004F7A59
                                                                            • _wfopen.MSVCR80 ref: 004F7A6E
                                                                            • fclose.MSVCR80 ref: 004F7A96
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004F7ABD
                                                                            • LoadLibraryW.KERNEL32(00000000,manycam.dll,?), ref: 004F7ACE
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AllocatorDebugDirectoryHeapLibraryLoadSystem_wfopenfclosewcscat
                                                                            • String ID: \ir50_32.dll$install_indeo_codec$manycam.dll
                                                                            • API String ID: 2772874605-3707710387
                                                                            • Opcode ID: 575395483891dccec64e4652b6b9411fdd4f3bf58853aa2061394f1fea350114
                                                                            • Instruction ID: 8c6a274a38a71000309de35580737fca633a3ace6444322c61b51428c5e4b817
                                                                            • Opcode Fuzzy Hash: 575395483891dccec64e4652b6b9411fdd4f3bf58853aa2061394f1fea350114
                                                                            • Instruction Fuzzy Hash: E7416E71C012189FDB24EFA0ED89BAEB7B4BF08314F104299E516A7290DB786B48CF54
                                                                            APIs
                                                                              • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                            • GetStockObject.GDI32(00000000), ref: 0041C9C4
                                                                            • FillRect.USER32(?,?,00000000), ref: 0041C9D3
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041C9FF
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041CA2E
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA56
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA6D
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CA97
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CAC5
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB0E
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB36
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB4D
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB77
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CBA5
                                                                              • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                            Similarity
                                                                            • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Rect$ClientFillHeight@ObjectStock
                                                                            • String ID:
                                                                            • API String ID: 1214153398-0
                                                                            • Opcode ID: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
                                                                            • Instruction ID: 64adb8edbe6d6a745132db4a95317a47dd4f78eb1bf019a77eab89ed2a27929a
                                                                            • Opcode Fuzzy Hash: 1d1617abfc9fbb8697bfd5c8fbec6c435857e0e2642eb5cd6e205186f3222b68
                                                                            • Instruction Fuzzy Hash: 8A81C3B4D002099FDB58EF98D991BEEB7B5BF48304F20816AE519B7381DB342A45CF64
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
                                                                            • Instruction ID: 12e37dd4abdcf4f70f14d239c3f2fb0002299592faa212dd5bf358f334e534ec
                                                                            • Opcode Fuzzy Hash: 898b4d837ae699b25311b23fbbf044c2f725344d7131efd26da484f397ae12a6
                                                                            • Instruction Fuzzy Hash: 20615470904308EFDB14DFA4D85AAEEBFB6BF55310F204A19E516AB2D1EB305A48DB50
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #NC$Backgrounds$Date & Time$Drawing over video$Text over video
                                                                            • API String ID: 0-745308588
                                                                            • Opcode ID: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
                                                                            • Instruction ID: 61b0055fb2e5cbe1d4e4773f87cdc9b928e12edc189f893c90bd2281fadebac5
                                                                            • Opcode Fuzzy Hash: e89cde5ceba465d579d9307fe3d900b605cbcdb901679e140c7094b8ba2244ab
                                                                            • Instruction Fuzzy Hash: D4B14271D052189FCF08EFE5D851BEEBBB5BF48308F14452EE10A6B282DB385945CB99
                                                                            APIs
                                                                              • Part of subcall function 00488640: ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,0049A02E,A7504B2B,?,?), ref: 0048864A
                                                                              • Part of subcall function 00479BB0: GetSysColor.USER32(00000010), ref: 00479DFB
                                                                            • GetModuleHandleW.KERNEL32(00000000,A7504B2B,?,?), ref: 0049A14F
                                                                            • GetModuleHandleW.KERNEL32(00000000,A7504B2B,?,?), ref: 0049A16C
                                                                            • memset.MSVCR80 ref: 0049A286
                                                                            • SystemParametersInfoW.USER32(00000029,00000000,000001F8,00000000), ref: 0049A2A5
                                                                            • CreateFontIndirectW.GDI32(?), ref: 0049A2AF
                                                                            • LoadIconW.USER32(00000000,00007F01), ref: 0049A31D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: HandleModule$??0?$basic_string@_ColorCreateFontIconIndirectInfoLoadParametersSystemU?$char_traits@_V?$allocator@_W@2@@std@@W@std@@memset
                                                                            • String ID: p
                                                                            • API String ID: 89581510-2181537457
                                                                            • Opcode ID: a881004d8c46297404a52378e96728856b1f8b23cb2602775ab0371babacd52b
                                                                            • Instruction ID: 0b2ca985f61fbf1d9d73a94fc23b706029f1d57e4e767938025d9d6251a87b1b
                                                                            • Opcode Fuzzy Hash: a881004d8c46297404a52378e96728856b1f8b23cb2602775ab0371babacd52b
                                                                            • Instruction Fuzzy Hash: 46C13230901158EFDB24DFA4D859BADB7B1AF48304F2481DED50A6B382CB795E84CF55
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: _mAnnnYca@aM_
                                                                            • API String ID: 0-3995523097
                                                                            • Opcode ID: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
                                                                            • Instruction ID: 03f3f580957dd8d98fe766c3b08c4ea85ac32c8ace33bb22cf726ef2f4b4dfae
                                                                            • Opcode Fuzzy Hash: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
                                                                            • Instruction Fuzzy Hash: 51A12CB1A4021A9FDB24DF54DC95FEEB775BF88304F1082E8E50967281DB31AA80CF91
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,A7504B2B), ref: 0050F10D
                                                                            • CreateFileW.KERNEL32(00000000,001F01FF,00000000,00000000,00000003,00000000,00000000,?,?,A7504B2B), ref: 0050F134
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Fileclock$AllocatorAttributesCreateDebugHeap
                                                                            • String ID: CMCEData::FlushToDisk()$Couldn't open a file to flush MCE data to disk: %s$_mAnnnYca@aM_$h-Z
                                                                            • API String ID: 3526691834-3819927071
                                                                            • Opcode ID: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
                                                                            • Instruction ID: 3fd365fe576ff881e40a2fa1f18d14bb5eaede2e8814e90bc3ea97a76a5821e3
                                                                            • Opcode Fuzzy Hash: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
                                                                            • Instruction Fuzzy Hash: 62517C70E44318ABEB24DB64DC46BEAB774FB94700F0082ADE619672C1DF792A84CF54
                                                                            APIs
                                                                              • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,A7504B2B,A7504B2B,A7504B2B), ref: 0041D427
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,A7504B2B,A7504B2B,A7504B2B), ref: 0041D453
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,?,A7504B2B,A7504B2B,A7504B2B), ref: 0041D478
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,?,A7504B2B,A7504B2B,A7504B2B), ref: 0041D48C
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,A7504B2B,A7504B2B,A7504B2B), ref: 0041D4B3
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,A7504B2B,A7504B2B,A7504B2B), ref: 0041D4DE
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,A7504B2B,A7504B2B,A7504B2B), ref: 0041D506
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,A7504B2B,A7504B2B,A7504B2B), ref: 0041D532
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D557
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D56B
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D592
                                                                            • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D5BD
                                                                              • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Height@$ClientRect
                                                                            • String ID:
                                                                            • API String ID: 800822957-0
                                                                            • Opcode ID: 48e4cdac09fd2584f099d7bad379a9fdd4af48967efff26b200e1ab649f63517
                                                                            • Instruction ID: 8b69319c21aec3ddee00cb00959702adc85bce415fb2168130725632d218664d
                                                                            • Opcode Fuzzy Hash: 48e4cdac09fd2584f099d7bad379a9fdd4af48967efff26b200e1ab649f63517
                                                                            • Instruction Fuzzy Hash: C671B3B5D002099FDB18EFA8D991BEEBBB5AF48304F20412EE515B7381DB342A45CF65
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,00000000,00000008), ref: 00406BCD
                                                                            • lstrcmpiW.KERNEL32(00000000,static), ref: 00406BE4
                                                                              • Part of subcall function 00407320: GetWindowLongW.USER32(-00000004,000000F0), ref: 00407331
                                                                              • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 00406C72
                                                                            • GetStockObject.GDI32(0000000D), ref: 00406CC9
                                                                            • memset.MSVCR80 ref: 00406D0D
                                                                            • CreateFontIndirectW.GDI32(00000000), ref: 00406D7E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: LongWindow$ClassCreateCursorFontIndirectLoadNameObjectStocklstrcmpimemset
                                                                            • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static
                                                                            • API String ID: 537339791-2739629574
                                                                            • Opcode ID: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
                                                                            • Instruction ID: 199e44e7be4628ee2e688c610ba56af09b0a08d7a3a9a70c30624c5daa12086b
                                                                            • Opcode Fuzzy Hash: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
                                                                            • Instruction Fuzzy Hash: 45E14970A042689FDB64DB65CC49BAEB7B1AF04304F1042EAE54A772D2DB346EC4CF59
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                            • String ID: CEffectStack::SelectEffect$Effect pointer is NULL.$No such effect found in stack$AN
                                                                            • API String ID: 2739697835-3664681806
                                                                            • Opcode ID: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
                                                                            • Instruction ID: 60628f8e65fa033cdeac9a30f19292ee3b75e2ecbf0df95034a13fcf3e9652a5
                                                                            • Opcode Fuzzy Hash: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
                                                                            • Instruction Fuzzy Hash: FEB13A70E00208DFDB14DFA9C895BEEBBB5FF59314F10811EE415AB292DB786905CB98
                                                                            APIs
                                                                            Strings
                                                                            • Ignoring attempt to set negative chromaticity value, xrefs: 00BB9F1B
                                                                            • Ignoring attempt to set chromaticity value exceeding 21474.83, xrefs: 00BB9F0B
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _ftol
                                                                            • String ID: Ignoring attempt to set chromaticity value exceeding 21474.83$Ignoring attempt to set negative chromaticity value
                                                                            • API String ID: 2545261903-1928962588
                                                                            • Opcode ID: 3f56ec2db3fc1ca85903a98619f27c2295566257b2a88fa86aed4e9f67b4d511
                                                                            • Instruction ID: 6456b4c038c8cb1d6d6f49463760314b90dea20f2aca757bc7e01c34bb30960b
                                                                            • Opcode Fuzzy Hash: 3f56ec2db3fc1ca85903a98619f27c2295566257b2a88fa86aed4e9f67b4d511
                                                                            • Instruction Fuzzy Hash: 65513C70005B5AD7EB106F10F61C3A6BBF4FB89790F010E9AE1E5551A9DFB1E4A9C702
                                                                            Strings
                                                                            • Duplicate sRGB chunk, xrefs: 00BBCC9E
                                                                            • Unknown sRGB intent, xrefs: 00BBCD0C
                                                                            • Ignoring incorrect gAMA value when sRGB is also present, xrefs: 00BBCD38
                                                                            • incorrect gamma=(%d/100000), xrefs: 00BBCD53
                                                                            • Invalid sRGB after IDAT, xrefs: 00BBCC5F
                                                                            • Missing IHDR before sRGB, xrefs: 00BBCC4E
                                                                            • Out of place sRGB chunk, xrefs: 00BBCC80
                                                                            • Ignoring incorrect cHRM value when sRGB is also present, xrefs: 00BBCE14
                                                                            • Incorrect sRGB chunk length, xrefs: 00BBCCC4
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Duplicate sRGB chunk$Ignoring incorrect cHRM value when sRGB is also present$Ignoring incorrect gAMA value when sRGB is also present$Incorrect sRGB chunk length$Invalid sRGB after IDAT$Missing IHDR before sRGB$Out of place sRGB chunk$Unknown sRGB intent$incorrect gamma=(%d/100000)
                                                                            • API String ID: 0-1854797742
                                                                            • Opcode ID: 15d62596973379f738e0b8c0f291941daaae913da8739d71c017c38a12be711d
                                                                            • Instruction ID: af90abe57d709b34c2ba3bdbe020a2d6d87fe2fbb4e17b999ed89d70ed677c9f
                                                                            • Opcode Fuzzy Hash: 15d62596973379f738e0b8c0f291941daaae913da8739d71c017c38a12be711d
                                                                            • Instruction Fuzzy Hash: C841E5716006456BE724E618DCC6EFB6BD4EF81B54F1408E9F548E2392C7D8FCA492B2
                                                                            APIs
                                                                            • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,A7504B2B), ref: 00513A57
                                                                            • ~_Mpunct.LIBCPMTD ref: 00513AF1
                                                                              • Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
                                                                              • Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB
                                                                            • ??2@YAPAXI@Z.MSVCR80(000001C4,352x288,?,?,?,?,00000000,?,?,A7504B2B), ref: 00513B1A
                                                                            • ??0CxImage@@QAE@ABV0@_N11@Z.CXIMAGECRT(?,00000001,00000001,00000001,00000000,?,?,A7504B2B), ref: 00513B48
                                                                            • ~_Mpunct.LIBCPMTD ref: 00513B85
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00513A74
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                              • Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DF91
                                                                              • Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DFAD
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00513BCC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Image@@$Mpunct$??2@DestroyDestroy@Frames@N11@V0@_
                                                                            • String ID: %d.png$352x288$352x288
                                                                            • API String ID: 1128305235-4221946874
                                                                            • Opcode ID: 3d3a3092ae457ba20b6bf654cef30ca65db4711d383323e92277891cfebd2fe8
                                                                            • Instruction ID: 81933645b3eb8f3328e915e61d60693adeebe1464ca0442654379e8e1d16d656
                                                                            • Opcode Fuzzy Hash: 3d3a3092ae457ba20b6bf654cef30ca65db4711d383323e92277891cfebd2fe8
                                                                            • Instruction Fuzzy Hash: F07116B0D01259DADB24EB64D899BEEBBB4BB04304F1086EDE419A72C1DB745F84CF94
                                                                            APIs
                                                                            • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,A7504B2B,?,?,?,00000000,00538D49,000000FF,?,0050405E,?), ref: 005047EA
                                                                            • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504804
                                                                            • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(00538D49,?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504814
                                                                            • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504898
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                            • String ID: ^@P$bad cast
                                                                            • API String ID: 2261832285-3230263104
                                                                            • Opcode ID: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
                                                                            • Instruction ID: 824bbbae0ea1dedba38b35fd60e665a14d2ea96d15b6e9388a122e9d75c37290
                                                                            • Opcode Fuzzy Hash: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
                                                                            • Instruction Fuzzy Hash: 4631F9B4D04209DFDB08DFA5E845AAEBBB5FF58310F108A2AE922A33D0DB745905DF50
                                                                            APIs
                                                                            • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,A7504B2B,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499B8A
                                                                            • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BA5
                                                                            • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(?,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BB5
                                                                            • ??1_Lockit@std@@QAE@XZ.MSVCP80(?,?,00495099), ref: 00499C3A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                            • String ID: bad cast
                                                                            • API String ID: 2261832285-3145022300
                                                                            • Opcode ID: e8d9317ff7b667e4345a0d9ab4755c0ed9f6fbdd2f1abd810e1704a9855df511
                                                                            • Instruction ID: ac16ab481d142800d0c9b8599a912b67046f6ada141286fa39e373667d809841
                                                                            • Opcode Fuzzy Hash: e8d9317ff7b667e4345a0d9ab4755c0ed9f6fbdd2f1abd810e1704a9855df511
                                                                            • Instruction Fuzzy Hash: 9A31FDB4D04219DFDF04DF98EC44AAEBBB5FB58310F10862AE922A33A0D7785905DF55
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image$Ipow
                                                                            • String ID:
                                                                            • API String ID: 2361920412-0
                                                                            • Opcode ID: ae5365c12a2100a1903be52b5529a37c0f6dfca9bd181234086edb2fe99e62fb
                                                                            • Instruction ID: 2a68433d30ada8fa05db26af022ad57aeecc5f41bf496e9e98d865bd8f4dde78
                                                                            • Opcode Fuzzy Hash: ae5365c12a2100a1903be52b5529a37c0f6dfca9bd181234086edb2fe99e62fb
                                                                            • Instruction Fuzzy Hash: 180255B0608301CFC314DF29D585A5ABBF1FF88304F11899DE9999B2A6D731E865CF86
                                                                            APIs
                                                                            Strings
                                                                            • Not enough memory to decompress chunk, xrefs: 00BBBF59
                                                                            • Not enough memory to decompress chunk.., xrefs: 00BBBE5C
                                                                            • Buffer error in compressed datastream in %s chunk, xrefs: 00BBBFE6
                                                                            • Not enough memory for text., xrefs: 00BBC054
                                                                            • Not enough memory to decompress chunk., xrefs: 00BBBDD5
                                                                            • Data error in compressed datastream in %s chunk, xrefs: 00BBBFFE
                                                                            • Unknown zTXt compression type %d, xrefs: 00BBC0B7
                                                                            • Incomplete compressed datastream in %s chunk, xrefs: 00BBC011
                                                                            • Error decoding compressed text, xrefs: 00BBBF15, 00BBBFB0
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: sprintf
                                                                            • String ID: Buffer error in compressed datastream in %s chunk$Data error in compressed datastream in %s chunk$Error decoding compressed text$Incomplete compressed datastream in %s chunk$Not enough memory for text.$Not enough memory to decompress chunk$Not enough memory to decompress chunk.$Not enough memory to decompress chunk..$Unknown zTXt compression type %d
                                                                            • API String ID: 590974362-1349257056
                                                                            • Opcode ID: c574cfb1be46fc766cd4d0dcad4e9aed8f2e66d88e2508abe8694121230a2c95
                                                                            • Instruction ID: 84dda99d968ca64c5466ddce437ac674e0f79c3ad76251876832a03256a1bf22
                                                                            • Opcode Fuzzy Hash: c574cfb1be46fc766cd4d0dcad4e9aed8f2e66d88e2508abe8694121230a2c95
                                                                            • Instruction Fuzzy Hash: 51B17B716042498FCB24DE68C881ABFB7EAEF84300F44456CFD8A97341DBF5A904CB92
                                                                            APIs
                                                                            • GetWindowDC.USER32(?,A7504B2B), ref: 00421D28
                                                                            • memset.MSVCR80 ref: 00421D39
                                                                            • SendMessageW.USER32(?,0000104B,00000000,0000000A), ref: 00421D6A
                                                                            • GetFocus.USER32 ref: 00421DBA
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 00421DFA
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 00421E4F
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 00421EA1
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 00421F01
                                                                              • Part of subcall function 00418B80: CreateSolidBrush.GDI32(A7504B2B), ref: 00418B8B
                                                                              • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 00421F86
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 00421FE4
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 00422050
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: FillRect$BrushCreateFocusMessageSendSolidWindowmemset
                                                                            • String ID:
                                                                            • API String ID: 3296630587-0
                                                                            • Opcode ID: bd8db1096d9cabbb8c9f779fe1f9d4af00673308db442fb5e711c755f01d8847
                                                                            • Instruction ID: 1f0a01801004120218575c110c1400e9efd9d02beb715d72da90ce3cbae75a6f
                                                                            • Opcode Fuzzy Hash: bd8db1096d9cabbb8c9f779fe1f9d4af00673308db442fb5e711c755f01d8847
                                                                            • Instruction Fuzzy Hash: EAB126B0A042189FCB04EFE9CD91BDEBB74BF54308F10815EE106AB295DF346A85CB44
                                                                            APIs
                                                                            • memset.MSVCR80 ref: 00B91AC2
                                                                            • IsWindow.USER32(?), ref: 00B91ACB
                                                                            • SendMessageA.USER32(?,0000042C,0000002C,?), ref: 00B91AE5
                                                                            • ICSendMessage.MSVFW32(?,0000400E,00000000,00000000), ref: 00B91B7D
                                                                            • ICClose.MSVFW32(?,?,0000400E,00000000,00000000), ref: 00B91B86
                                                                            • ICOpen.MSVFW32(43444956,?,00000002), ref: 00B91B97
                                                                            • ICSendMessage.MSVFW32(00000000,0000400C,?,?,43444956,?,00000002), ref: 00B91BB7
                                                                            • cvReleaseImage.CXCORE099(?,00000000,0000400C,?,?,43444956,?,00000002), ref: 00B91BC8
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,00000003,?,00000000,0000400C,?,?,43444956,?,00000002), ref: 00B91BDB
                                                                            • ICDecompress.MSVFW32(?,00000000,?,?,00000008,?,?,?,00000008,00000003,?,00000000,0000400C,?,?,43444956), ref: 00B91C08
                                                                            • cvInitImageHeader.CXCORE099(?,?,?,00000008,00000003,00000001,00000004,?,?,?,?,00000000,0000400C,?,?,43444956), ref: 00B91C2F
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ImageMessageSend$CloseCreateDecompressHeaderInitOpenReleaseWindowmemset
                                                                            • String ID:
                                                                            • API String ID: 2363853983-0
                                                                            • Opcode ID: 4d66b33db47b87435439d3d4777eebc809bc781824500107d53350743be99990
                                                                            • Instruction ID: f722e5ac73b2dc57269b18ff6922b45c49d643f4d65add79988010ee4ad1461b
                                                                            • Opcode Fuzzy Hash: 4d66b33db47b87435439d3d4777eebc809bc781824500107d53350743be99990
                                                                            • Instruction Fuzzy Hash: 40518E712443019BDB24EF18CC91F6B77E9EF94700F1448ADFA40AB282E771E845DB91
                                                                            APIs
                                                                            • GetSystemMetrics.USER32(00000004), ref: 004087E6
                                                                              • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                              • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                              • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                              • Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
                                                                              • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                              • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                              • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                              • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                              • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                            • MoveWindow.USER32(00000000,?,00000485,00000015,0000002D,00000052,00000017,00000000,00000117,000000C6,000000AF,00000017,00000001,00000000,?,0000048A), ref: 00408C6C
                                                                            • MoveWindow.USER32(00000000,?,0000048B,0000011C,00000104,00000058,00000017,00000000), ref: 00408CA4
                                                                            • MoveWindow.USER32(00000000,?,0000048C,0000017A,00000104,00000058,00000017,00000000), ref: 00408CDC
                                                                            • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00408D50
                                                                            • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00408DF3
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00408E57
                                                                            Strings
                                                                            • http://manycam.com/help/effects, xrefs: 00408A61
                                                                            • \ManyCam\TempBackgroundPreview, xrefs: 00408853
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$AllocatorDebugHeapMove$ParentSystem$Base::Concurrency::details::Concurrency::task_options::get_schedulerFileFindFirstFolderInfoLongMetricsParametersPathPolicyRectSchedulerSpecial_wmkdir
                                                                            • String ID: \ManyCam\TempBackgroundPreview$http://manycam.com/help/effects
                                                                            • API String ID: 802195438-2992585156
                                                                            • Opcode ID: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
                                                                            • Instruction ID: 373e2faf4f294b9354e902988eb878b0a96774ffebd8d1961b2fcec7c08dd6c9
                                                                            • Opcode Fuzzy Hash: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
                                                                            • Instruction Fuzzy Hash: 11121F70A041189BEB24EB55CD91BED7775AF44308F0044EEA20E7B2C2DE796E94CF69
                                                                            APIs
                                                                            • memset.MSVCR80 ref: 00409A4E
                                                                              • Part of subcall function 0040F0F0: SendMessageW.USER32(-0000012F,00000147,00000000,00000000), ref: 0040F106
                                                                            • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00409AD9
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00409B1D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorBase::Concurrency::details::DebugHeapMessagePolicySchedulerSendmemset
                                                                            • String ID: New category...$mce
                                                                            • API String ID: 1679045135-800315401
                                                                            • Opcode ID: 84cff37b60f26b6a8f6ffd572ec932ad64bfde54e516b5dd0315aff2655b6aaf
                                                                            • Instruction ID: f62fc7b589a48f9eaf1a8544f81ff00b290309f3dd4f0067dcca3c15644f716f
                                                                            • Opcode Fuzzy Hash: 84cff37b60f26b6a8f6ffd572ec932ad64bfde54e516b5dd0315aff2655b6aaf
                                                                            • Instruction Fuzzy Hash: B5121D719012199BCB24EB65CC99BAEB7B5AF44304F1041EEE10AB72D1DB386F84CF59
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • GetTickCount.KERNEL32 ref: 004D1414
                                                                            • GetTickCount.KERNEL32 ref: 004D1444
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D14CE
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            • Playback mode is now %s., xrefs: 004D165E
                                                                            • CPlayList::SetPlaybackMode (%s), xrefs: 004D1387
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: CountTickclock$AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugHeap
                                                                            • String ID: CPlayList::SetPlaybackMode (%s)$Playback mode is now %s.
                                                                            • API String ID: 1115989059-4040813284
                                                                            • Opcode ID: 263e4469555b9ead60d827bbea961355ac1bf97b033ce6d991a803799773ecf7
                                                                            • Instruction ID: 9d0510614a657932bc22ac5f2c18324a99722429085df9436aa323c14c0834bd
                                                                            • Opcode Fuzzy Hash: 263e4469555b9ead60d827bbea961355ac1bf97b033ce6d991a803799773ecf7
                                                                            • Instruction Fuzzy Hash: 66B14CB0E04218EFDB04DFD8C8A5BAEBBB1BF44308F10815EE8066B395DB789945CB55
                                                                            Strings
                                                                            • malformed width string in sCAL chunk, xrefs: 00BBDD12
                                                                            • Invalid sCAL data, xrefs: 00BBDDC6
                                                                            • Invalid sCAL after IDAT, xrefs: 00BBDC71
                                                                            • Missing IHDR before sCAL, xrefs: 00BBDC32
                                                                            • malformed height string in sCAL chunk, xrefs: 00BBDD55
                                                                            • Duplicate sCAL chunk, xrefs: 00BBDCA2
                                                                            • Out of memory while processing sCAL chunk, xrefs: 00BBDC57
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Duplicate sCAL chunk$Invalid sCAL after IDAT$Invalid sCAL data$Missing IHDR before sCAL$Out of memory while processing sCAL chunk$malformed height string in sCAL chunk$malformed width string in sCAL chunk
                                                                            • API String ID: 0-2190877121
                                                                            • Opcode ID: 3d58a6fef7a9dc5b87a20275046a122ccb8ce910b505f25955fc21deddd8c998
                                                                            • Instruction ID: 6e12b7665773636694042c42e2fab95c99dddf21b94081067c091a95d50a7524
                                                                            • Opcode Fuzzy Hash: 3d58a6fef7a9dc5b87a20275046a122ccb8ce910b505f25955fc21deddd8c998
                                                                            • Instruction Fuzzy Hash: C2414E756002042BD700BB04ACC1EFB77D8EFC6B65F8405D9F98852253E7EE991A92B2
                                                                            APIs
                                                                            Strings
                                                                            • Invalid gAMA after IDAT, xrefs: 00BBC48F
                                                                            • Ignoring incorrect gAMA value when sRGB is also present, xrefs: 00BBC572
                                                                            • Duplicate gAMA chunk, xrefs: 00BBC4D2
                                                                            • Ignoring gAMA chunk with gamma=0, xrefs: 00BBC548
                                                                            • gamma = (%d/100000), xrefs: 00BBC587
                                                                            • Missing IHDR before gAMA, xrefs: 00BBC47E
                                                                            • Incorrect gAMA chunk length, xrefs: 00BBC4F8
                                                                            • Out of place gAMA chunk, xrefs: 00BBC4B0
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: fprintf
                                                                            • String ID: Duplicate gAMA chunk$Ignoring gAMA chunk with gamma=0$Ignoring incorrect gAMA value when sRGB is also present$Incorrect gAMA chunk length$Invalid gAMA after IDAT$Missing IHDR before gAMA$Out of place gAMA chunk$gamma = (%d/100000)
                                                                            • API String ID: 383729395-996772653
                                                                            • Opcode ID: 2f12f70489f75b95bc38666ccd36350b3e3dc8a5b1a9aabae1c178908b6d4e32
                                                                            • Instruction ID: 5d2d4baf0e1025db1494f64e1d4d0d1b60b3c1703b779e9f63a496171b286cdf
                                                                            • Opcode Fuzzy Hash: 2f12f70489f75b95bc38666ccd36350b3e3dc8a5b1a9aabae1c178908b6d4e32
                                                                            • Instruction Fuzzy Hash: E23157B27006042BD610FA19EC92EFF7BD8EFD1755F0804E9F588A2253DBD49A0182E6
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0050E09D
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0050E0C5
                                                                              • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                              • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                            • ??0CxImage@@QAE@PAEKK@Z.CXIMAGECRT(&<Q,?,00000000,?,?,?,&<Q), ref: 0050E12E
                                                                            • ?Encode2RGBA@CxImage@@QAE_NAAPAEAAJ_N@Z.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E155
                                                                            • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E160
                                                                            • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E16C
                                                                            • ??3@YAXPAX@Z.MSVCR80(?,00000000,?,?,00000008,00000004,00000000,00000004,00000000,00000000,00000000,00000000,00000000,&<Q,?,00000000), ref: 0050E1B7
                                                                            • ~_Mpunct.LIBCPMTD ref: 0050E1D3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeapImage@@$??3@Encode2Height@MpunctWidth@
                                                                            • String ID: &<Q
                                                                            • API String ID: 2867035028-2887711709
                                                                            • Opcode ID: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
                                                                            • Instruction ID: 4fa1d1e2ea6a526748637154a1db03ed3227427cf2602f353b57d12039db24cc
                                                                            • Opcode Fuzzy Hash: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
                                                                            • Instruction Fuzzy Hash: 175137B1D00259AFDB14EF54CC46BEEBBB8AF54304F1082ADE519A7281DB746B84CF90
                                                                            APIs
                                                                            • cvError.CXCORE099(000000E5,cvResizeWindow,NULL name,.\window_w32.cpp,000002A9), ref: 00B95392
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00B9540A
                                                                            • GetClientRect.USER32(?,?), ref: 00B95415
                                                                            • GetWindowRect.USER32(?,?), ref: 00B95424
                                                                            • MoveWindow.USER32(?,00000001,?,?,?,00000001,?,?,?,?,00000000), ref: 00B95460
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00B954A2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Move$Rect$ClientError
                                                                            • String ID: .\window_w32.cpp$NULL name$cvResizeWindow
                                                                            • API String ID: 3901070998-2204944233
                                                                            • Opcode ID: bacbd2835c980b100319c26609096e08bb296ad4098642e6969e94b8079c553f
                                                                            • Instruction ID: 325be935fdbd6aa692cd579f16625d861016bd2c3417570e5b2a8840696cba5a
                                                                            • Opcode Fuzzy Hash: bacbd2835c980b100319c26609096e08bb296ad4098642e6969e94b8079c553f
                                                                            • Instruction Fuzzy Hash: 20317975214301AFCB18DF28CC95D2BB7E9FBC8714F098A5CF98A97254E670E8018B91
                                                                            APIs
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041987F
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004198BD
                                                                            • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0000047D,00000046,0053E730,data\images\backgroundControl\background\,00000046,?,?,A7504B2B,?,0000047D,00000023,00000046), ref: 004198E0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Image@@Load@
                                                                            • String ID: .png$0S$LS$`S$data\images\backgroundControl\background\$S
                                                                            • API String ID: 1315443971-3997788365
                                                                            • Opcode ID: 02809580c12525f98958325a7bfa43803c747b7b9b7e3c1d56384f9c16ba48a1
                                                                            • Instruction ID: c255484564948487ca09c12a6e8e79ec8d091f34d803f33d82e763e2732db065
                                                                            • Opcode Fuzzy Hash: 02809580c12525f98958325a7bfa43803c747b7b9b7e3c1d56384f9c16ba48a1
                                                                            • Instruction Fuzzy Hash: B13114B1D11288EBDB08EF95D886BDEBBF4FB05308F10452EE4117B281DB741949CB99
                                                                            APIs
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041FE2A
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041FE68
                                                                            • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,005429BC,data\images\maindlg\,?,?,?,A7504B2B), ref: 0041FE8B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Image@@Load@
                                                                            • String ID: .png$0*T$P*T$data\images\maindlg\$t*T$)T
                                                                            • API String ID: 1315443971-2295826820
                                                                            • Opcode ID: b28412237c5bc7e99220c79d57fe91d3a5a16ad0d12286994cfe2e3a1bceef49
                                                                            • Instruction ID: f5b459e8cabe00e602950f671fa5acb7728e02973b21c567d8fe0f45fcb8015d
                                                                            • Opcode Fuzzy Hash: b28412237c5bc7e99220c79d57fe91d3a5a16ad0d12286994cfe2e3a1bceef49
                                                                            • Instruction Fuzzy Hash: 353137B1D01258ABCB18DF95E985BDDBBB4FF04308F50452EF41677281CBB81A09CB99
                                                                            APIs
                                                                            • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,A7504B2B,?,00538D19,000000FF,?,005028F6,?,?,00000000,00000001), ref: 0050449A
                                                                            • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,005028F6,?,?,00000000), ref: 005044B4
                                                                            • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(005028F6,?,005028F6,?,?,00000000), ref: 005044C4
                                                                            • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504548
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                            • String ID: bad cast
                                                                            • API String ID: 2261832285-3145022300
                                                                            • Opcode ID: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                            • Instruction ID: daf008f5657916d2d0eedf94b6e793cb89aacae9b3ddac5973414a6306a2ac1a
                                                                            • Opcode Fuzzy Hash: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                            • Instruction Fuzzy Hash: CE31F7B5D04209DFDB18DFA4EC45AAEBBB4FB58310F10862AE922A33D0DB745945DF50
                                                                            APIs
                                                                            • LoadIconA.USER32 ref: 00B9685D
                                                                            • LoadCursorA.USER32(00000000,00007F03), ref: 00B9686D
                                                                            • GetStockObject.GDI32(00000002), ref: 00B9687F
                                                                            • RegisterClassA.USER32(?), ref: 00B96890
                                                                            • GetStockObject.GDI32(00000002), ref: 00B968A1
                                                                            • RegisterClassA.USER32(?), ref: 00B968B4
                                                                              • Part of subcall function 00BDBDA9: __onexit.MSVCRT ref: 00BDBDAD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ClassLoadObjectRegisterStock$CursorIcon__onexit
                                                                            • String ID: #$HighGUI class$Main HighGUI class
                                                                            • API String ID: 1477171359-2338146754
                                                                            • Opcode ID: 1dcc0684175f16a4743a60ba82c4ef0c2cf243225e40fbc357ceaf89d5e64d49
                                                                            • Instruction ID: c28e802bf3dd6dd4d86efbaba184166e4b4f6d0d929e8c287c467e14abe1a2ea
                                                                            • Opcode Fuzzy Hash: 1dcc0684175f16a4743a60ba82c4ef0c2cf243225e40fbc357ceaf89d5e64d49
                                                                            • Instruction Fuzzy Hash: 2E1116B28193119FC740DF69D888A0AFBE4FB88B04F00096FF48897261E7B495498F86
                                                                            APIs
                                                                            • cvSet.CXCORE099(?,?,?,?,?,?,00000000), ref: 004026F7
                                                                            • cvGEMM.CXCORE099(?,?), ref: 00402755
                                                                            • _CIsqrt.MSVCR80 ref: 004027F6
                                                                            • cvGEMM.CXCORE099(?,?), ref: 00402852
                                                                            • cvSet2D.CXCORE099(?,?,?), ref: 004028DB
                                                                            • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402925
                                                                            • cvSet2D.CXCORE099(?,?,?), ref: 0040299E
                                                                            • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402A4D
                                                                            • cvGEMM.CXCORE099(?,?), ref: 00402ADA
                                                                            • cvLine.CXCORE099(?,?,?,?,?), ref: 00402B4D
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Set2$IsqrtLine
                                                                            • String ID:
                                                                            • API String ID: 2296038289-0
                                                                            • Opcode ID: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                            • Instruction ID: 98af563dca7e08dae4733c818569099b16958337ef14baff457f1a71e3476642
                                                                            • Opcode Fuzzy Hash: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                            • Instruction Fuzzy Hash: C8F16CB1A05601DFC305AF60D589A6ABFF0FF84740F614D88E4D5262A9E731D8B5CF86
                                                                            APIs
                                                                              • Part of subcall function 00B94A80: GetWindowLongA.USER32(?,000000EB), ref: 00B94A83
                                                                            • DefWindowProcA.USER32(?,?,?,?), ref: 00B95656
                                                                            • CallWindowProcA.USER32(?,?,?,?,?), ref: 00B95687
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Proc$CallLong
                                                                            • String ID:
                                                                            • API String ID: 2055830364-0
                                                                            • Opcode ID: 781e254806f28d8ec1998a1fdf62ac066f1f4662daf48ff0b73b9976a098207e
                                                                            • Instruction ID: 07f4ca85a8015ac2f5064d515c453b55e06e997a5d10826443d9742014c300f8
                                                                            • Opcode Fuzzy Hash: 781e254806f28d8ec1998a1fdf62ac066f1f4662daf48ff0b73b9976a098207e
                                                                            • Instruction Fuzzy Hash: 1841A2B2644700AFD720DB28DC95F6BB3E8FB88710F408A1DFA8593291D770ED018BA5
                                                                            APIs
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810
                                                                              • Part of subcall function 004053A0: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405829), ref: 004053C2
                                                                              • Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
                                                                              • Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4
                                                                              • Part of subcall function 004055D0: cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
                                                                              • Part of subcall function 004055D0: cvSet.CXCORE099(?), ref: 00405662
                                                                              • Part of subcall function 004055D0: _CIcos.MSVCR80 ref: 004056A5
                                                                              • Part of subcall function 004055D0: _CIsin.MSVCR80 ref: 004056BA
                                                                              • Part of subcall function 00405740: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405847), ref: 00405762
                                                                            • cvGEMM.CXCORE099(?,?), ref: 0040586A
                                                                            • cvGEMM.CXCORE099(?,?), ref: 00405895
                                                                            • cvReleaseMat.CXCORE099(?), ref: 004058A2
                                                                            • cvReleaseMat.CXCORE099(?), ref: 004058AF
                                                                            • cvReleaseMat.CXCORE099(?), ref: 004058BC
                                                                            • cvReleaseMat.CXCORE099(?), ref: 004058C9
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Create$Release$IcosIsin
                                                                            • String ID:
                                                                            • API String ID: 2101255812-0
                                                                            • Opcode ID: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
                                                                            • Instruction ID: 0f02d04bed9878b01ec6eb7d24bee74ec2e50252446297c38aea4db588333580
                                                                            • Opcode Fuzzy Hash: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
                                                                            • Instruction Fuzzy Hash: E5215CB0A05702ABD610FB649C4BB1BBBA0AFC4704F444D2CFA94662C1EA71D528CB97
                                                                            APIs
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(A7504B2B,?,?,?,?,?,?,00530C89,000000FF), ref: 00488924
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488936
                                                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488941
                                                                            • ?capacity@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488952
                                                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 0048895D
                                                                            • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 0048897B
                                                                            • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z.MSVCP80(?,?,?,?,?,00530C89,000000FF), ref: 00488998
                                                                            • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 004889A8
                                                                            • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 004889B7
                                                                            • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,?,?,?,?,00530C89,000000FF), ref: 004889C6
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?append@?$basic_string@_V12@$?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@$??0?$basic_string@_??1?$basic_string@_?capacity@?$basic_string@_V12@@
                                                                            • String ID:
                                                                            • API String ID: 2582929383-0
                                                                            • Opcode ID: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                            • Instruction ID: cf8cf326054b3b9829f24e0287d30cae8bbcd3a7b8d77b238681494193127ac1
                                                                            • Opcode Fuzzy Hash: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                            • Instruction Fuzzy Hash: 62316F75900118EFDB04EF64D844AADBBB6FF98350F00852AF91697390DB349D45CF84
                                                                            APIs
                                                                            • cvCvtColor.CV099(?,?,00000007), ref: 0040147C
                                                                            • cvError.CXCORE099(000000FB,cvCylInitModel,Invalid input frame.,.\src\cyltracker.cpp,00000126), ref: 00401675
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ColorError
                                                                            • String ID: .\src\cyltracker.cpp$Invalid input frame.$Invalid model parameters were specified.$Null pointer to tracker context.$cvCylInitModel
                                                                            • API String ID: 4088650746-2904168572
                                                                            • Opcode ID: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
                                                                            • Instruction ID: 1c253823393e59d8f389e9ec3cb6c3af1bef9396372c058acdeb4534553bb085
                                                                            • Opcode Fuzzy Hash: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
                                                                            • Instruction Fuzzy Hash: 0D81E5B2F04202ABC7027E50D9457DA7BA4FB80794F214E99E9DA711F5F33588718EC9
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: fseek$ftell
                                                                            • String ID: zS
                                                                            • API String ID: 1687442226-3280143790
                                                                            • Opcode ID: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
                                                                            • Instruction ID: d51d2314559d3de73f7ebb59d383f0640d42414dd441d265d43309b2b2205bb6
                                                                            • Opcode Fuzzy Hash: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
                                                                            • Instruction Fuzzy Hash: 409126B1E00249ABDB04DFD4DC92BFFBB71BF44300F10455AE611AB291DB796901CB99
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D02
                                                                            • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D45
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            • CPlayList::ActivatePlayList (%s), xrefs: 004D1C12
                                                                            • Couldn't activate item., xrefs: 004D1E4F
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceclock$AllocatorDebugHeap
                                                                            • String ID: CPlayList::ActivatePlayList (%s)$Couldn't activate item.
                                                                            • API String ID: 666216686-3135489573
                                                                            • Opcode ID: 86a6ea1d549f1e14cb2df91f30b70f8bdc6fa07100872fae78ce2dc3a5dbc7fd
                                                                            • Instruction ID: e5225bd3be3d0e3e30ba9f0653f38cf39164d32131126bfff1481db119ea4a1f
                                                                            • Opcode Fuzzy Hash: 86a6ea1d549f1e14cb2df91f30b70f8bdc6fa07100872fae78ce2dc3a5dbc7fd
                                                                            • Instruction Fuzzy Hash: 02A1E770D00208DFDB14DFA9C995BEDBBB1BF09318F20815EE4196B392DB786A45CB94
                                                                            APIs
                                                                              • Part of subcall function 004AD340: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AD389
                                                                            • wcscpy.MSVCR80 ref: 004C9586
                                                                            • wcscpy.MSVCR80 ref: 004C960C
                                                                            • _Smanip.LIBCPMTD ref: 004C9650
                                                                            • _Smanip.LIBCPMTD ref: 004C969B
                                                                            • fabs.MSVCR80 ref: 004C9759
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Smanipwcscpy$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_fabs
                                                                            • String ID: ManyCam Options$ManyCam Video Driver
                                                                            • API String ID: 3043553602-2679671152
                                                                            • Opcode ID: d8f914545a6770cd3ec1de607a9825b7542528df8afbb8bee092f4a7228edef5
                                                                            • Instruction ID: 1960ef59aa6a2aae985edd86a644215036cafca125c540dc4a2acd471f05383e
                                                                            • Opcode Fuzzy Hash: d8f914545a6770cd3ec1de607a9825b7542528df8afbb8bee092f4a7228edef5
                                                                            • Instruction Fuzzy Hash: 65A14275900118DBCB54EF94DD99BEEB7B4BB48304F1081EEE00A67291DB391E98CF68
                                                                            APIs
                                                                            • CoTaskMemFree.OLE32(00000000,00000000), ref: 004B2816
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B280A
                                                                              • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B284D
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B287B
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B2926
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B2938
                                                                            Strings
                                                                            • - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s), xrefs: 004B29AF
                                                                            • ConnectionMediaType:, xrefs: 004B29CD
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$FreeTask
                                                                            • String ID: - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s)$ConnectionMediaType:
                                                                            • API String ID: 2977454536-3767152877
                                                                            APIs
                                                                            • memset.MSVCR80 ref: 00B91D14
                                                                            • AVIFileCreateStreamA.AVIFIL32(?,?,vids), ref: 00B91DCD
                                                                            • AVISaveOptions.AVIFIL32(00000000,00000000,00000001,?,?,?,?,vids), ref: 00B91E52
                                                                            • AVIMakeCompressedStream.AVIFIL32(?,?,?,00000000,?,?,vids), ref: 00B91E69
                                                                            • AVIStreamSetFormat.AVIFIL32(?,00000000,?,00000428,?,?,?,00000000,?,?,vids), ref: 00B91E94
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,?,?,00000000,?,00000428,?,?,?,00000000,?,?,vids), ref: 00B91EC7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Stream$Create$CompressedFileFormatImageMakeOptionsSavememset
                                                                            • String ID: vids$vids
                                                                            • API String ID: 1290796960-2916420342
                                                                            APIs
                                                                            Strings
                                                                            • Application is running with png.c from libpng-%.20s, xrefs: 00BB8DD4
                                                                            • Incompatible libpng version in application and library, xrefs: 00BB8DE6
                                                                            • Application was compiled with png.h from libpng-%.20s, xrefs: 00BB8DB7
                                                                            • 1.2.8, xrefs: 00BB8D57, 00BB8D84, 00BB8DCC
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _setjmp3
                                                                            • String ID: 1.2.8$Application is running with png.c from libpng-%.20s$Application was compiled with png.h from libpng-%.20s$Incompatible libpng version in application and library
                                                                            • API String ID: 3837033383-821774253
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B91FE
                                                                              • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                            • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B921B
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B9286
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B9292
                                                                            • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B9346
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004B937C
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_clock
                                                                            • String ID: CManyCamGraphMgr::AddFileInput$FILE%d
                                                                            • API String ID: 2060279746-2550898069
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Local$AllocFocusFreeMessagesprintfvsprintf
                                                                            • String ID: %s Warning$LIBTIFF
                                                                            • API String ID: 663082726-3418978845
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Local$AllocFocusFreeMessagesprintfvsprintf
                                                                            • String ID: %s Error$LIBTIFF
                                                                            • API String ID: 663082726-2650228428
                                                                            Strings
                                                                            • zero length keyword, xrefs: 00BC0AFB
                                                                            • extra interior spaces removed from keyword, xrefs: 00BC0A96
                                                                            • keyword length must be 1 - 79 characters, xrefs: 00BC0AD0
                                                                            • trailing spaces removed from keyword, xrefs: 00BC0A0F
                                                                            • invalid keyword character 0x%02X, xrefs: 00BC09D0
                                                                            • Zero length keyword, xrefs: 00BC0AB1
                                                                            • Out of memory while procesing keyword, xrefs: 00BC0990
                                                                            • leading spaces removed from keyword, xrefs: 00BC0A36
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Out of memory while procesing keyword$Zero length keyword$extra interior spaces removed from keyword$invalid keyword character 0x%02X$keyword length must be 1 - 79 characters$leading spaces removed from keyword$trailing spaces removed from keyword$zero length keyword
                                                                            • API String ID: 0-1527206911
                                                                            APIs
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4
                                                                              • Part of subcall function 00405430: cvSet.CXCORE099(?,?,?,?,?,?,?,00000000,?,?,00405609,00000000,?,?,?,?), ref: 00405455
                                                                              • Part of subcall function 00405430: _CIcos.MSVCR80 ref: 004054AB
                                                                              • Part of subcall function 00405430: _CIsin.MSVCR80 ref: 004054C0
                                                                              • Part of subcall function 00405430: _CIcos.MSVCR80 ref: 00405513
                                                                              • Part of subcall function 00405430: _CIsin.MSVCR80 ref: 00405528
                                                                            • cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
                                                                            • cvSet.CXCORE099(?), ref: 00405662
                                                                            • _CIcos.MSVCR80 ref: 004056A5
                                                                            • _CIsin.MSVCR80 ref: 004056BA
                                                                            • cvGEMM.CXCORE099(?,?), ref: 00405714
                                                                            • cvReleaseMat.CXCORE099(?), ref: 00405721
                                                                            • cvReleaseMat.CXCORE099(?), ref: 0040572E
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: IcosIsin$CreateRelease
                                                                            • String ID:
                                                                            • API String ID: 2556766011-0
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Delete
                                                                            • String ID:
                                                                            • API String ID: 1035893169-0
                                                                            • Opcode ID: 027381e0a8d9cc06f36ac8957b2692d02a27fb112fce139c5847b74b9e663b06
                                                                            • Instruction ID: 84041e226b1c2fd87843b1158a64503d8b67fa0500779cb20a2bc36cc8881071
                                                                            • Opcode Fuzzy Hash: 027381e0a8d9cc06f36ac8957b2692d02a27fb112fce139c5847b74b9e663b06
                                                                            • Instruction Fuzzy Hash: 8D512FB0914209ABEB04EFA4CD56FEEBB74AF14314F20412AF511772D1DB786E44CB69
                                                                            APIs
                                                                              • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
                                                                              • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
                                                                              • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
                                                                              • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
                                                                              • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
                                                                              • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
                                                                            • cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
                                                                            • cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
                                                                            • cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 0040321A
                                                                            • cvReleaseImage.CXCORE099(00000004,?,00000000,?,0040120F), ref: 0040322C
                                                                            • cvReleaseImage.CXCORE099(-00000008,?,00000000,?,0040120F), ref: 0040323D
                                                                            • cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403253
                                                                            • cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 00403265
                                                                            • cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403276
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Image$Release$Create
                                                                            • String ID:
                                                                            • API String ID: 810653722-0
                                                                            • Opcode ID: 1d98beb3a53aab4c12813adeeefc3e19331db0e6fab2847f039cf9fe8a11b982
                                                                            • Instruction ID: 1a79d18011980f8bb9dda7d5d5bd7389d244d0d6aefedc31b6f3b3b2419f781a
                                                                            • Opcode Fuzzy Hash: 1d98beb3a53aab4c12813adeeefc3e19331db0e6fab2847f039cf9fe8a11b982
                                                                            • Instruction Fuzzy Hash: 0031FAB5901202ABEB109E24DC45B57BB9CFF55302F08447AE904A33C1F379FA59C6A6
                                                                            APIs
                                                                            • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,A7504B2B,A7504B2B,?,?,00488794,A7504B2B,0049A100,0049A100), ref: 004887D9
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(A7504B2B,?,?,00488794,A7504B2B,0049A100,0049A100), ref: 004887E7
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488794,A7504B2B,0049A100,0049A100), ref: 004887F5
                                                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,00488794,A7504B2B,0049A100,0049A100), ref: 00488800
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488794,A7504B2B,0049A100,0049A100), ref: 00488819
                                                                            • ?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z.MSVCP80(?,00000000,?,?,00488794,A7504B2B,0049A100,0049A100), ref: 0048882E
                                                                            • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488794,A7504B2B,0049A100,0049A100), ref: 0048884B
                                                                            • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,00488794,A7504B2B,0049A100,0049A100), ref: 0048885B
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$V12@$??1?$basic_string@_??4?$basic_string@_?erase@?$basic_string@_?size@?$basic_string@?substr@?$basic_string@_D@2@@std@@D@std@@U?$char_traits@V01@V01@@V?$allocator@
                                                                            • String ID:
                                                                            • API String ID: 731949045-0
                                                                            • Opcode ID: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
                                                                            • Instruction ID: 4406f9edcf3e418624fedf0353d0674b6ffa21746b1b988d8d39eeb2d4d24482
                                                                            • Opcode Fuzzy Hash: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
                                                                            • Instruction Fuzzy Hash: 5C314D31900108EFDB04EF59E898A9DBBB6FB98350F40C52AF91A973A0DB30A944DF54
                                                                            APIs
                                                                            • IsWindow.USER32(?), ref: 00B91694
                                                                            • SendMessageA.USER32(?,00000405,00000000,00000000), ref: 00B916AB
                                                                            • IsWindow.USER32(?), ref: 00B916B1
                                                                            • SendMessageA.USER32(?,0000040B,00000000,00000000), ref: 00B916C2
                                                                            • DestroyWindow.USER32(?), ref: 00B916C8
                                                                            • cvReleaseImage.CXCORE099(?), ref: 00B916D2
                                                                            • ICSendMessage.MSVFW32(?,0000400E,00000000,00000000), ref: 00B916E9
                                                                            • ICClose.MSVFW32(?,?,0000400E,00000000,00000000), ref: 00B916F2
                                                                            • memset.MSVCR80 ref: 00B9170C
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$CloseDestroyImageReleasememset
                                                                            • String ID:
                                                                            • API String ID: 1564840505-0
                                                                            • Opcode ID: 2a5ef0d4c19fa3de5306b8dbbf3865baaf24de368cd65d88d14ca28acda11bac
                                                                            • Instruction ID: 1909fc058303757930d00f4c8e5f4a0d9d7ff2b49f8fbd10a706caf1849c0ebd
                                                                            • Opcode Fuzzy Hash: 2a5ef0d4c19fa3de5306b8dbbf3865baaf24de368cd65d88d14ca28acda11bac
                                                                            • Instruction Fuzzy Hash: 3E11A7B2510709ABC660AFAADE80D27F7ECFF453447865C5DF28697A40D775F8008B64
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • _Smanip.LIBCPMTD ref: 004B152C
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: clock$AllocatorDebugHeapSmanip
                                                                            • String ID: CGraphMgr::AdjustCameraResolution (size=%dx%d)$vids
                                                                            • API String ID: 3240802707-243107872
                                                                            • Opcode ID: 0b9f26486d5ca748ff65b87eaf69692d820365cf5d3d260ad1582382175653d3
                                                                            • Instruction ID: a989dfa4e85d0b56287cfe2e867778c486b3f31bfd173d30f9afd811cc483807
                                                                            • Opcode Fuzzy Hash: 0b9f26486d5ca748ff65b87eaf69692d820365cf5d3d260ad1582382175653d3
                                                                            • Instruction Fuzzy Hash: D7021671900218DFCB14DF69C991BEEBBB0BF48304F50819EE519A7291DB34AE85CFA5
                                                                            APIs
                                                                              • Part of subcall function 00BCC870: GlobalAlloc.KERNEL32(00000000,00000000,00BCFB2A,00BD084E,?,?,?,00BD084E,?,?,00000000,?), ref: 00BCC877
                                                                            • _ftol.MSVCR80 ref: 00BD3F28
                                                                            Strings
                                                                            • No space to write array, xrefs: 00BD3EDA
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AllocGlobal_ftol
                                                                            • String ID: No space to write array
                                                                            • API String ID: 2648542381-3993372183
                                                                            • Opcode ID: 02e20b7db01dde699250921756fb672ec61aee7716ee1c8a6df549f7c031d632
                                                                            • Instruction ID: 1adef382cae1a469826a7e186b702409b0c54b09c59a922bd615c14c886bfeb2
                                                                            • Opcode Fuzzy Hash: 02e20b7db01dde699250921756fb672ec61aee7716ee1c8a6df549f7c031d632
                                                                            • Instruction Fuzzy Hash: D56188B690420A9BC710DF14D8819ABFBE8EF84744B1049AAF9558B302E731DE19C7A2
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,A7504B2B), ref: 004C928B
                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,A7504B2B), ref: 004C93D8
                                                                            • cvReleaseImage.CXCORE099(00000000,?,?,?,?,A7504B2B), ref: 004C93E8
                                                                            Strings
                                                                            • CManyCamModel::GetPosterFrame, xrefs: 004C923F
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AllocatorCloseCreateDebugEventHandleHeapImageReleaseclock
                                                                            • String ID: CManyCamModel::GetPosterFrame
                                                                            • API String ID: 3295495820-604892226
                                                                            • Opcode ID: 0fb0d1f75a3f7064816a10a7a659a458f82e48bfb0f7d40fede8694d07b98b13
                                                                            • Instruction ID: b7f4d3075c697768d86108b177f770b28cc6e89c2576a85e707f138266713341
                                                                            • Opcode Fuzzy Hash: 0fb0d1f75a3f7064816a10a7a659a458f82e48bfb0f7d40fede8694d07b98b13
                                                                            • Instruction Fuzzy Hash: 81717C70D01208DFDB04EFE4C895BEEBBB4BF58304F20815DE505AB291DB786A45CBA5
                                                                            APIs
                                                                            Strings
                                                                            • white_x=%ld, white_y=%ld, xrefs: 00BC0603
                                                                            • Invalid cHRM fixed red point specified, xrefs: 00BC05D5
                                                                            • Invalid fixed cHRM white point specified, xrefs: 00BC05ED
                                                                            • Invalid fixed cHRM green point specified, xrefs: 00BC05BD
                                                                            • cHRM, xrefs: 00BC058D
                                                                            • Invalid fixed cHRM blue point specified, xrefs: 00BC05A5
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID: fprintf
                                                                            • String ID: Invalid cHRM fixed red point specified$Invalid fixed cHRM blue point specified$Invalid fixed cHRM green point specified$Invalid fixed cHRM white point specified$cHRM$white_x=%ld, white_y=%ld
                                                                            • API String ID: 383729395-227365660
                                                                            • Opcode ID: 0ed41b6e6431507a4e27ebf79107804d8d955561da7f346b226353e069c8ea1c
                                                                            • Instruction ID: 0045818ceeb1c00dd3489e2e4fd9636036bb792fc20d7f29a7ae39a9a6eff320
                                                                            • Opcode Fuzzy Hash: 0ed41b6e6431507a4e27ebf79107804d8d955561da7f346b226353e069c8ea1c
                                                                            • Instruction Fuzzy Hash: F3419276500311AFD218E769CCC5CFF73E8EFD4714B84489DF55853211E7A4EA8987A2
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeapmemset
                                                                            • String ID:
                                                                            • API String ID: 622753528-0
                                                                            • Opcode ID: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
                                                                            • Instruction ID: 15c03739bf2cff661cf5d104c6130bcee5a7d3e6e4c58e74d1621743953f5b5e
                                                                            • Opcode Fuzzy Hash: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
                                                                            • Instruction Fuzzy Hash: 81F17A719022199BDB28EB10CD9ABEEBBB4BF54304F1085E9E40A671D1DB745F88CF91
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                              • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                              • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                              • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap
                                                                            • String ID: |LV$ZP
                                                                            • API String ID: 571936431-1538846667
                                                                            • Opcode ID: 8217c67bd42f6a567db927a5321e70c2cba3473b1a658e23f040ac260a6cc460
                                                                            • Instruction ID: 978cc442b74b90625ce9c3af39009df7ee77075ce9d9cefa9296828956acecd6
                                                                            • Opcode Fuzzy Hash: 8217c67bd42f6a567db927a5321e70c2cba3473b1a658e23f040ac260a6cc460
                                                                            • Instruction Fuzzy Hash: 27410AB1D05248EFCB04DFA8D991BDEBBF5BB48304F10815EF815A7281D778AA04CBA5
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ??2@$_setjmp3
                                                                            • String ID:
                                                                            • API String ID: 4193736177-0
                                                                            • Opcode ID: 662877c835ea13579dd87d4aa4e53fef54bb3453f1de8e9738431b40fb1c83e2
                                                                            • Instruction ID: ec14f28ca0e53537a96649e5057697d7110628552f5b4c70965d252dbe46c01f
                                                                            • Opcode Fuzzy Hash: 662877c835ea13579dd87d4aa4e53fef54bb3453f1de8e9738431b40fb1c83e2
                                                                            • Instruction Fuzzy Hash: 98D16CB19006489FDF34DF24CC95BEA77E9EB44304F2485A9F86AC7252E731E944CB92
                                                                            APIs
                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 00482602
                                                                            • GetWindowsDirectoryW.KERNEL32(00000000,00000104,00000104,?,0049A100,A7504B2B,?), ref: 00482644
                                                                            • LoadLibraryW.KERNEL32(00000000,\winhlp32.exe,000000FF,?,0049A100,A7504B2B,?), ref: 0048266A
                                                                            • LoadCursorW.USER32(00000000,0000006A), ref: 0048267F
                                                                            • CopyIcon.USER32(?), ref: 00482692
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 004826A5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Load$CursorLibrary$CopyDirectoryFreeIconWindows
                                                                            • String ID: \winhlp32.exe
                                                                            • API String ID: 501009500-695620452
                                                                            • Opcode ID: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                            • Instruction ID: ec6d5bdbcb5f979a409084d156352cb5eef125df936233655878cf5ad0338882
                                                                            • Opcode Fuzzy Hash: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                            • Instruction Fuzzy Hash: 0D313A71D00208AFDB04EFA4E959BEDBBB5FB18314F50462AF916A72D0DB786948CB14
                                                                            APIs
                                                                            • fprintf.MSVCR80 ref: 00BBB663
                                                                            • fprintf.MSVCR80 ref: 00BBB67F
                                                                            • fprintf.MSVCR80 ref: 00BBB699
                                                                            • longjmp.MSVCR80(?,00000001,?,?,?,?,?,?,?,?,?,?,Out of Memory!,?), ref: 00BBB6A9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: fprintf$longjmp
                                                                            • String ID: libpng error no. %s: %s$libpng error: %s$libpng error: %s, offset=%d
                                                                            • API String ID: 1832846611-3377054135
                                                                            • Opcode ID: 2ae5dd0ecbcd9f625efd407bae6acdcb4fb456af72f1dfed077c9679a44e4f43
                                                                            • Instruction ID: 3ceed0b60085dbd90365fa9dd589c8feee5bbf97364b525c6c46c34fcefa1faf
                                                                            • Opcode Fuzzy Hash: 2ae5dd0ecbcd9f625efd407bae6acdcb4fb456af72f1dfed077c9679a44e4f43
                                                                            • Instruction Fuzzy Hash: AA11E9715042416BD3105B28DC69EFAFFE9DB82304F14458AF4C7E72A2EBA5DC45C751
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _ftol
                                                                            • String ID:
                                                                            • API String ID: 2545261903-0
                                                                            • Opcode ID: afb9fd2aacef2182512d4a46a1022e743f076861730f62f5dcfdfff6946049f5
                                                                            • Instruction ID: 45835c6ee1bf213e8ac0e5e0b579ca5887898eda4bbb95f4fa53e1b71c89dd4c
                                                                            • Opcode Fuzzy Hash: afb9fd2aacef2182512d4a46a1022e743f076861730f62f5dcfdfff6946049f5
                                                                            • Instruction Fuzzy Hash: F3D13872909342DFD3029F21D48925ABFB0FFD5344FA64A99E0D56626AE330C578CF86
                                                                            APIs
                                                                            • cvCopy.CXCORE099(?,?,00000000,?,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404309
                                                                            • cvInvert.CXCORE099(?,?,00000000,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404321
                                                                            • cvGEMM.CXCORE099(?,?,?,?,?,00000000,?,?,?,?,?,FFFFFFFE), ref: 0040436B
                                                                              • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 004035F7
                                                                              • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,FFFFFFFE), ref: 00403603
                                                                              • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 0040360F
                                                                              • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 00403636
                                                                              • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 0040365D
                                                                            • cvSetImageROI.CXCORE099(?), ref: 004043B7
                                                                            • cvSetImageROI.CXCORE099(?), ref: 004043D9
                                                                            • cvCopy.CXCORE099(?,?,00000000), ref: 004043E5
                                                                            • cvResetImageROI.CXCORE099(?), ref: 004043EE
                                                                            • cvResetImageROI.CXCORE099(?), ref: 004043F7
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image$Reset$Copy$Invert
                                                                            • String ID:
                                                                            • API String ID: 2642547888-0
                                                                            • Opcode ID: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                            • Instruction ID: 4832167a604e7eee410914a1b349f3b52c2c1ab0660e6587da0ebae9eec7833f
                                                                            • Opcode Fuzzy Hash: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                            • Instruction Fuzzy Hash: 5B3153F4A007009FC314EF14D886F57BBE4AF89710F04896DE98A57381D635E9158BA6
                                                                            APIs
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000124), ref: 00402F21
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000128), ref: 00402F33
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000130), ref: 00402F57
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000134), ref: 00402F69
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000100), ref: 00402F77
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000104), ref: 00402F89
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
                                                                              • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
                                                                            • cvReleaseImage.CXCORE099(?,?,?,004012A0,?), ref: 00401313
                                                                            • cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401325
                                                                            • cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401337
                                                                            • cvReleaseImage.CXCORE099(-000000A8,?,?,004012A0,?), ref: 00401347
                                                                            • cvReleaseImage.CXCORE099(?,-000000A8,?,?,004012A0,?), ref: 00401355
                                                                            • cvReleaseMat.CXCORE099(00000000,004012A0,?), ref: 0040136E
                                                                            • cvReleaseImage.CXCORE099(?,004012A0,?), ref: 0040137C
                                                                            • ??3@YAXPAX@Z.MSVCR80(?,004012A0,?), ref: 00401387
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Release$Image$??3@
                                                                            • String ID:
                                                                            • API String ID: 4199280203-0
                                                                            • Opcode ID: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
                                                                            • Instruction ID: 9a6bf2f685f8ffb5b2492dd8c0792c90c05741bbbc79e9eb21885bcc9159b9e2
                                                                            • Opcode Fuzzy Hash: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
                                                                            • Instruction Fuzzy Hash: 8F11E9F580021297FB20AB14E84AB5BB7A8EF41700F58443AE845636D0F73DF9A5C797
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000,00000000), ref: 004C2804
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004C2818
                                                                            • _CxxThrowException.MSVCR80(d&L,0057CBF8), ref: 004C2826
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(d&L,0057CBF8,?,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000), ref: 004C2835
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: d&L$map/set<T> too long
                                                                            • API String ID: 3248949544-2396053701
                                                                            • Opcode ID: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                            • Instruction ID: 0421590c6fc88a653ea049570befb3043dc480636a3316981a528d684021d55e
                                                                            • Opcode Fuzzy Hash: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                            • Instruction Fuzzy Hash: 8DD11B74A002459FCB04FFA9C991EAF7776AF89304B20456EF4159B356CB78AC05CBB8
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000,00000000), ref: 004D4DC4
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004D4DD8
                                                                            • _CxxThrowException.MSVCR80($LM,0057CBF8), ref: 004D4DE6
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80($LM,0057CBF8,?,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000), ref: 004D4DF5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: $LM$map/set<T> too long
                                                                            • API String ID: 3248949544-3238143215
                                                                            • Opcode ID: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                            • Instruction ID: a07927191520cae1e6be455f76438f534ad6819f987c116f95f500b89d554bea
                                                                            • Opcode Fuzzy Hash: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                            • Instruction Fuzzy Hash: A9D10B71A142159FCB04EFE5E8A1E6F7776AFC9304B50455FF0129B359DA38AC02CBA8
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 004AAC1D
                                                                            • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004AAC4F
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            • Inserting effect %s to stack at position %d., xrefs: 004AACE1
                                                                            • CVideoProcessor::InsertEffectToStack, xrefs: 004AAB4B
                                                                            • Inserting effect %s\%s\%s to stack at position %d., xrefs: 004AAC73
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: clock$AllocatorBase::Concurrency::details::Concurrency::task_options::get_schedulerDebugHeapPolicyScheduler
                                                                            • String ID: CVideoProcessor::InsertEffectToStack$Inserting effect %s to stack at position %d.$Inserting effect %s\%s\%s to stack at position %d.
                                                                            • API String ID: 1896687067-3121683814
                                                                            • Opcode ID: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                            • Instruction ID: 105fcc333d0e6ff14583993c1dd746094cb4f3fab98b4d368d8a839d86cc259d
                                                                            • Opcode Fuzzy Hash: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                            • Instruction Fuzzy Hash: 56B12B70900208EFCB14DFA8C891BDEBBB5BF59314F10825EE419AB391DB74AE45CB95
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: sprintf$??2@
                                                                            • String ID: %4d$P%c%d %d255
                                                                            • API String ID: 4280736075-1612107885
                                                                            • Opcode ID: 717b4f879f489a06cce3eedcd6c5f624da0432e249c714acf67fedf5a8425281
                                                                            • Instruction ID: 52aafc5a6815b4ee309980448047afe73af146c58305f0352dd99719570430ee
                                                                            • Opcode Fuzzy Hash: 717b4f879f489a06cce3eedcd6c5f624da0432e249c714acf67fedf5a8425281
                                                                            • Instruction Fuzzy Hash: E061F7725083554BCB00DF28E990A6BBBD1FFD5308F1946ADE895AB302D735EE05C792
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004F68AB
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004F68DB
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004F6903
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004F692B
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                            • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000001,A7504B2B), ref: 004F696D
                                                                              • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                              • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                              • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                            Strings
                                                                            • \ManyCam\BackgroundEffect, xrefs: 004F69A8
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$FileFindFirstFolderImage@@PathSpecial_wmkdir
                                                                            • String ID: \ManyCam\BackgroundEffect
                                                                            • API String ID: 711174743-980167294
                                                                            • Opcode ID: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                            • Instruction ID: 1d1004133df218b0561d43129003d36592f772ef424460559cb02d2d1cb950c8
                                                                            • Opcode Fuzzy Hash: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                            • Instruction Fuzzy Hash: 5E8189B0901258DEDB14EF64DC41BDEBBB6AB94308F0081DEE449A3281DB795B98CF95
                                                                            APIs
                                                                            • _setjmp3.MSVCR80 ref: 00B9A4F0
                                                                            • fopen.MSVCR80 ref: 00B9A50C
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000000,?,?,?,?,?,?,?,00000008,00000000,00000000,00000000,00000000), ref: 00B9A59B
                                                                            • fclose.MSVCR80 ref: 00B9A5FB
                                                                            • ??3@YAXPAX@Z.MSVCR80(00000000), ref: 00B9A605
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ??2@??3@_setjmp3fclosefopen
                                                                            • String ID: 1.2.8
                                                                            • API String ID: 1448151454-509886058
                                                                            • Opcode ID: 58655c9e129085ec41108ee9c6a20397193b7464521d98872fe8addf944e97ac
                                                                            • Instruction ID: 5e8c62ec32e2cbc2179d1d4e82f67f57668a9c073fa53d55ef0db67275c8cae7
                                                                            • Opcode Fuzzy Hash: 58655c9e129085ec41108ee9c6a20397193b7464521d98872fe8addf944e97ac
                                                                            • Instruction Fuzzy Hash: 7B4151B5E002487BCF10ABA58C86DEFBBBCEB95310F1444A9F905A7301EA75DA50C7A1
                                                                            APIs
                                                                            • _setjmp3.MSVCR80 ref: 00B9A4F0
                                                                            • fopen.MSVCR80 ref: 00B9A50C
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000000,?,?,?,?,?,?,?,00000008,00000000,00000000,00000000,00000000), ref: 00B9A59B
                                                                            • fclose.MSVCR80 ref: 00B9A5FB
                                                                            • ??3@YAXPAX@Z.MSVCR80(00000000), ref: 00B9A605
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ??2@??3@_setjmp3fclosefopen
                                                                            • String ID: 1.2.8
                                                                            • API String ID: 1448151454-509886058
                                                                            • Opcode ID: a54194875eba67d9e458d1066f34c32be45fd3867720cafb0e9453c1875fb9f9
                                                                            • Instruction ID: 8ac282a5aacb311b734be9b421d1c3a63f229bce3a11cc1f981abae15370a703
                                                                            • Opcode Fuzzy Hash: a54194875eba67d9e458d1066f34c32be45fd3867720cafb0e9453c1875fb9f9
                                                                            • Instruction Fuzzy Hash: 204162B5E002497BCF149BA58C86DFFBBB8EB95300F1444A9F905E3301EA75DA40C7A1
                                                                            APIs
                                                                            • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00513D55
                                                                            • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00513D92
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,00000004), ref: 00513E4E
                                                                            • cvResize.CV099(00000000,00000000,00000001), ref: 00513E63
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerCreateImagePolicyResizeScheduler
                                                                            • String ID: Avatars$Objects
                                                                            • API String ID: 2992923878-1969768225
                                                                            • Opcode ID: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
                                                                            • Instruction ID: 11ef104c15373c8e9f941a2410d1520fa6931b44404b7003273920e72e9da790
                                                                            • Opcode Fuzzy Hash: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
                                                                            • Instruction Fuzzy Hash: 385189B1D00209DBDF04DFA5E8A66EEBFB5FF48300F10816AE455BB294DB355A58CB81
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: IcosIsin
                                                                            • String ID:
                                                                            • API String ID: 14690888-0
                                                                            • Opcode ID: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
                                                                            • Instruction ID: f55afc7f36c79dbe8a91edad75af3db0966c0985aa664003f4d56b1ff0a10eb2
                                                                            • Opcode Fuzzy Hash: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
                                                                            • Instruction Fuzzy Hash: A351AF34609602DFC324DF14E68982ABBB0FF84700B918D88E4E5676A9D731E879CA56
                                                                            APIs
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004A945B
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                              • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                            • wcscmp.MSVCR80 ref: 004A948B
                                                                            • wcscmp.MSVCR80 ref: 004A94A4
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004A94F6
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004A9508
                                                                            • wcslen.MSVCR80 ref: 004A9514
                                                                            • wcslen.MSVCR80 ref: 004A957A
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$wcscmpwcslen$FileFindFirst
                                                                            • String ID:
                                                                            • API String ID: 1577558999-0
                                                                            • Opcode ID: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
                                                                            • Instruction ID: f16ea4ad88e480f90c3d3a557b52af9eaab9dd6428fdd0c1f69d551c8bda1375
                                                                            • Opcode Fuzzy Hash: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
                                                                            • Instruction Fuzzy Hash: 5E5120B19041189BCB24EB65DD91BEDB774BF14308F0085EE960A62281EF34AF88CF5C
                                                                            APIs
                                                                            • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,00000001,?,100B0000), ref: 00B94B50
                                                                            • RegQueryValueExA.ADVAPI32(?,?,?,?,?,Left,00000000,?,?,?), ref: 00B94B8C
                                                                            • RegQueryValueExA.ADVAPI32(?,Top,00000000,?,?,?,?,?,?,?,?,Left,00000000,?,?,?), ref: 00B94BA9
                                                                            • RegCloseKey.ADVAPI32(?,?,?,?,?,?,Left,00000000,?,?,?), ref: 00B94BEF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue$CloseOpen
                                                                            • String ID: Left$Top
                                                                            • API String ID: 1586453840-3873733008
                                                                            • Opcode ID: 3b26b932dab8921c743f2ad06d4754258250316ca5855a7a964d0617cbbdc234
                                                                            • Instruction ID: dc8cb443beed96370610917b6757ff24bee588cae2ed5a6b46e61a73a7a92cfe
                                                                            • Opcode Fuzzy Hash: 3b26b932dab8921c743f2ad06d4754258250316ca5855a7a964d0617cbbdc234
                                                                            • Instruction Fuzzy Hash: 52318071108301ABD714CF28D9A1B9BBBE9EBC8704F108A6EF585C7290D770D949CB92
                                                                            APIs
                                                                            Strings
                                                                            • Application is running with png.c from libpng-%.20s, xrefs: 00BB1120
                                                                            • The png struct allocated by the application for reading is too small., xrefs: 00BB1148
                                                                            • Application was compiled with png.h from libpng-%.20s, xrefs: 00BB10FD
                                                                            • 1.2.8, xrefs: 00BB1117
                                                                            • The info struct allocated by application for reading is too small., xrefs: 00BB1174
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: sprintf
                                                                            • String ID: 1.2.8$Application is running with png.c from libpng-%.20s$Application was compiled with png.h from libpng-%.20s$The info struct allocated by application for reading is too small.$The png struct allocated by the application for reading is too small.
                                                                            • API String ID: 590974362-206690659
                                                                            • Opcode ID: 9a5021fbd38b1344e13a01aebb51c2536a0cf90b6cce9addcbdf851f5119147f
                                                                            • Instruction ID: 1e15c76ac68aa7b9891b97c3ea374e3ba842014aaad657a198c5e21c5d47ac29
                                                                            • Opcode Fuzzy Hash: 9a5021fbd38b1344e13a01aebb51c2536a0cf90b6cce9addcbdf851f5119147f
                                                                            • Instruction Fuzzy Hash: 4B21ACB29483005BD200EB59DC91CBBF7E9FFD4704F400989F68057362EAB2E845CBA2
                                                                            APIs
                                                                            Strings
                                                                            • Application is running with png.c from libpng-%.20s, xrefs: 00BB8ED0
                                                                            • Application was compiled with png.h from libpng-%.20s, xrefs: 00BB8EAD
                                                                            • The info struct allocated by the application for writing is too small., xrefs: 00BB8F24
                                                                            • 1.2.8, xrefs: 00BB8EC7
                                                                            • The png struct allocated by the application for writing is too small., xrefs: 00BB8EF8
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: sprintf
                                                                            • String ID: 1.2.8$Application is running with png.c from libpng-%.20s$Application was compiled with png.h from libpng-%.20s$The info struct allocated by the application for writing is too small.$The png struct allocated by the application for writing is too small.
                                                                            • API String ID: 590974362-2898919677
                                                                            • Opcode ID: e19127e34bf6f9d1a6e545a52261fe2387f5eb3ea9e6651e3e4e9296bebf1af4
                                                                            • Instruction ID: 5b5c4d46d9bd47317aa0d1fd66d6bd948a4b9fc6eb3d0d5d4002f2cfc16a9369
                                                                            • Opcode Fuzzy Hash: e19127e34bf6f9d1a6e545a52261fe2387f5eb3ea9e6651e3e4e9296bebf1af4
                                                                            • Instruction Fuzzy Hash: 2E218CB29443049BD610EB59DC81CBBF7EDBFE8704F000999F54457362EAB5E845CBA2
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: fprintf
                                                                            • String ID: %s: $FALSE$TRUE$field[%2d] %5lu, %2d, %2d, %d, %2d, %5s, %5s, %s
                                                                            • API String ID: 383729395-878487725
                                                                            • Opcode ID: dc60fba129f866763bb32e2792318939ec962e69feea231afe1184dc0b62955a
                                                                            • Instruction ID: ac5eb207fe338860870bf9b4cf519eafb3fcc3ff39cd2c49f64dd14b4ea06737
                                                                            • Opcode Fuzzy Hash: dc60fba129f866763bb32e2792318939ec962e69feea231afe1184dc0b62955a
                                                                            • Instruction Fuzzy Hash: 221161762002516BC308CF56EC98E77FBE9EF89711B15C1A9FA499B322D730E815C7A0
                                                                            APIs
                                                                            • cvError.CXCORE099(000000E5,cvMoveWindow,NULL name,.\window_w32.cpp,000002D0), ref: 00B954D2
                                                                            • GetWindowRect.USER32(?,?), ref: 00B954F3
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00B9551B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$ErrorMoveRect
                                                                            • String ID: .\window_w32.cpp$NULL name$cvMoveWindow
                                                                            • API String ID: 3407777569-1568378838
                                                                            • Opcode ID: 740b9336a07af99edbbca72eeaf4f8f02fdfe36256ac5dba6640bbdb01d8c30d
                                                                            • Instruction ID: 59b8f1d3e25cd672b5000b9386e42bfd3d5efba7d4f554678bf85c74ca06a3a8
                                                                            • Opcode Fuzzy Hash: 740b9336a07af99edbbca72eeaf4f8f02fdfe36256ac5dba6640bbdb01d8c30d
                                                                            • Instruction Fuzzy Hash: B0F0D6715447116FCA20EF1CCC81D6BB3E8EB84B10F444A88F889A3255E630EC0487E2
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F3D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004B5F51
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5F5F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F6E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: CKK$vector<T> too long
                                                                            • API String ID: 3248949544-3216571628
                                                                            • Opcode ID: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
                                                                            • Instruction ID: c8d92b487c042dcc06c93ea087005db71d51a26c7136d47a4fad7ddcb25ee778
                                                                            • Opcode Fuzzy Hash: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
                                                                            • Instruction Fuzzy Hash: 47F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                            APIs
                                                                            • cvError.CXCORE099(000000E5,cvDestroyWindow,NULL name string,.\window_w32.cpp,000001E4), ref: 00B94E7F
                                                                            • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 00B94EA6
                                                                            • SendMessageA.USER32(?,00000010,00000000,00000000), ref: 00B94EAF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Error
                                                                            • String ID: .\window_w32.cpp$NULL name string$cvDestroyWindow
                                                                            • API String ID: 3527474480-1091922320
                                                                            APIs
                                                                            • ??2@YAPAXI@Z.MSVCR80(?), ref: 00B9B997
                                                                            • ??2@YAPAXI@Z.MSVCR80(?), ref: 00B9B9B1
                                                                            • _setjmp3.MSVCR80 ref: 00B9B9F8
                                                                            • memset.MSVCR80 ref: 00B9BB4F
                                                                            • ??3@YAXPAX@Z.MSVCR80(?), ref: 00B9BF0D
                                                                            • ??3@YAXPAX@Z.MSVCR80(?), ref: 00B9BF23
                                                                              • Part of subcall function 00B96CF0: memcpy.MSVCR80(?,?,?), ref: 00B96D3A
                                                                              • Part of subcall function 00B94200: memset.MSVCR80 ref: 00B94235
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ??2@??3@memset$_setjmp3memcpy
                                                                            • String ID:
                                                                            • API String ID: 2276023410-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _ftol
                                                                            • String ID:
                                                                            • API String ID: 2545261903-0
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000,00000000), ref: 004E22D4
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004E22E8
                                                                            • _CxxThrowException.MSVCR80(004E1A94,0057CBF8), ref: 004E22F6
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004E1A94,0057CBF8,?,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000), ref: 004E2305
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: map/set<T> too long
                                                                            • API String ID: 3248949544-1285458680
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C904
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0048C918
                                                                            • _CxxThrowException.MSVCR80(0048A224,0057CBF8), ref: 0048C926
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A224,0057CBF8,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C935
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: map/set<T> too long
                                                                            • API String ID: 3248949544-1285458680
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000,00000000), ref: 00474CC4
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 00474CD8
                                                                            • _CxxThrowException.MSVCR80(00474884,0057CBF8), ref: 00474CE6
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(00474884,0057CBF8,?,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000), ref: 00474CF5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: map/set<T> too long
                                                                            • API String ID: 3248949544-1285458680
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF54
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0048CF68
                                                                            • _CxxThrowException.MSVCR80(0048A514,0057CBF8), ref: 0048CF76
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A514,0057CBF8,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF85
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: map/set<T> too long
                                                                            • API String ID: 3248949544-1285458680
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000,00000000), ref: 00411344
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 00411358
                                                                            • _CxxThrowException.MSVCR80(004112C4,0057CBF8), ref: 00411366
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004112C4,0057CBF8,?,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000), ref: 00411375
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: map/set<T> too long
                                                                            • API String ID: 3248949544-1285458680
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000,00000000), ref: 004C1524
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004C1538
                                                                            • _CxxThrowException.MSVCR80(004C1384,0057CBF8), ref: 004C1546
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1384,0057CBF8,?,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000), ref: 004C1555
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: map/set<T> too long
                                                                            • API String ID: 3248949544-1285458680
                                                                            • Opcode ID: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
                                                                            • Instruction ID: 5f54f1dc26024d97c3e5589f28a2b26444c27508ce2d65950266073b7809569a
                                                                            • Opcode Fuzzy Hash: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
                                                                            • Instruction Fuzzy Hash: D1D10F75E042459FCB04EFA5C891EAF7775AF8A304F1045AEF502AB355DA38AD01CBB8
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D814
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0048D828
                                                                            • _CxxThrowException.MSVCR80(0048AEF4,0057CBF8), ref: 0048D836
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048AEF4,0057CBF8,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D845
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: map/set<T> too long
                                                                            • API String ID: 3248949544-1285458680
                                                                            • Opcode ID: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
                                                                            • Instruction ID: f924f05d9c195ac9d2efefafaa7b998481315dfbc5b04f0f3db32ea2b030e7a3
                                                                            • Opcode Fuzzy Hash: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
                                                                            • Instruction Fuzzy Hash: 1ED1DB74E102459FCB04FFA5C891E6F7B75AF89304F10896EF4159B295CA38AD01CFA8
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                              • Part of subcall function 00407140: RegOpenKeyExW.ADVAPI32(?,80000002,00000000,00000000,00000000,80000002,SOFTWARE\ManyCam), ref: 00407162
                                                                            • memset.MSVCR80 ref: 004C7ABE
                                                                              • Part of subcall function 00407190: RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeapclock$OpenQueryValuememset
                                                                            • String ID: @$AppVersion$CManyCamModel::GetManyCamVersion$SOFTWARE\ManyCam$ob@
                                                                            • API String ID: 1430646295-175800182
                                                                            • Opcode ID: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
                                                                            • Instruction ID: 07a999de59d8292b32f2331ae8109d5d18864066084ba78fe0f4ff90b5b286a5
                                                                            • Opcode Fuzzy Hash: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
                                                                            • Instruction Fuzzy Hash: 31315B70A04218DEDB10DB54D952BEEBBB4AB05304F0041AEE5457B2C1DBB86E48CBA6
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,A7504B2B,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000,00000000), ref: 004C1D04
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004C1D18
                                                                            • _CxxThrowException.MSVCR80(004C1B64,0057CBF8), ref: 004C1D26
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1B64,0057CBF8,?,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000), ref: 004C1D35
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: map/set<T> too long
                                                                            • API String ID: 3248949544-1285458680
                                                                            • Opcode ID: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
                                                                            • Instruction ID: 76fe67f2c80d83fee2b03a8fd12379f2c1e3e221b52a71524e2575de1d4bc0e2
                                                                            • Opcode Fuzzy Hash: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
                                                                            • Instruction Fuzzy Hash: 1DD1E974A00205AFCB14EFE6C891EEF7775AFC9308B104D5EF4129B256DA39A801CBB5
                                                                            APIs
                                                                            • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,004015E6,?), ref: 004059C9
                                                                            • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,004015E6,?), ref: 00405A0C
                                                                            • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,?,?,?,004015E6,?), ref: 00405A4F
                                                                              • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
                                                                              • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
                                                                              • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
                                                                              • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810
                                                                              • Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 0040586A
                                                                              • Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 00405895
                                                                              • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058A2
                                                                              • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058AF
                                                                              • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058BC
                                                                              • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058C9
                                                                            • cvReleaseMat.CXCORE099(?,?,?,?,00000000), ref: 00405A9A
                                                                            • cvReleaseMat.CXCORE099(?), ref: 00405AA7
                                                                            • cvReleaseMat.CXCORE099(?), ref: 00405AB4
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: CreateRelease
                                                                            • String ID:
                                                                            • API String ID: 557197377-0
                                                                            • Opcode ID: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
                                                                            • Instruction ID: 043076e51676209564484e982c9936a884ec24064fff71ead1165430e30ebd4e
                                                                            • Opcode Fuzzy Hash: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
                                                                            • Instruction Fuzzy Hash: C6311574605201DFD304DF10D499E26BBA1BFC8704F5289CCE2941B2E6DB71D936CB82
                                                                            APIs
                                                                            • GlobalAlloc.KERNEL32(00BD318D,?,?,00BCD370,8BFFFEFC,50242444), ref: 00BCC89F
                                                                            • GlobalSize.KERNEL32(00BD318D), ref: 00BCC8AB
                                                                            • GlobalAlloc.KERNEL32(00000000,00000008), ref: 00BCC8BE
                                                                            • GlobalFree.KERNEL32(00BD318D), ref: 00BCC8DF
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Alloc$FreeSize
                                                                            • String ID:
                                                                            • API String ID: 716937079-0
                                                                            • Opcode ID: 54969a0e1d14d3d333b47b246dd439038ee2aba5196c820f848c5c8995732aee
                                                                            • Instruction ID: 508985e4daf172367521c093ef46e01339b591d933759279ab7a956d5ac67ad6
                                                                            • Opcode Fuzzy Hash: 54969a0e1d14d3d333b47b246dd439038ee2aba5196c820f848c5c8995732aee
                                                                            • Instruction Fuzzy Hash: 8001B1727052196F5B246B69BCA9A7BFBDEFB98661744402EF94AC3310DEA19D00C390
                                                                            APIs
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
                                                                            • cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
                                                                            • cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
                                                                            • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
                                                                            • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image$CreateRelease
                                                                            • String ID:
                                                                            • API String ID: 3874174198-0
                                                                            • Opcode ID: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                            • Instruction ID: 6a9ac0958563a1589a8d938dd82cbe29a94ad790e47f913414e9d99cb75ce162
                                                                            • Opcode Fuzzy Hash: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                            • Instruction Fuzzy Hash: F901F9F590130176F630AB259D4EF4B76DCFF91701F04483AF55AA12C1F6B4E184C221
                                                                            APIs
                                                                            • cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
                                                                            • cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
                                                                            • cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
                                                                            • cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
                                                                            • cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
                                                                            • cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ImageRelease
                                                                            • String ID:
                                                                            • API String ID: 535124018-0
                                                                            • Opcode ID: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
                                                                            • Instruction ID: f6f80441a689a6daaa6ac2ab205e4bd6027bf7437223482053866a57996ed6f5
                                                                            • Opcode Fuzzy Hash: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
                                                                            • Instruction Fuzzy Hash: A91198F6801201E7EB309E11D889B4BBBACBF50302F44443AD84552285E778B78DCAAB
                                                                            Strings
                                                                            • Unknown filter heuristic method, xrefs: 00BB981D
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Unknown filter heuristic method
                                                                            • API String ID: 0-3224722364
                                                                            • Opcode ID: 9f082e904c75eed330b1fd2711d1ca66a41d596ac3e5d2f7b057867ed122ec3f
                                                                            • Instruction ID: cbec6d1b4f738989f28ac096f9cef2459f5065c9a46e195794b04367f0213dbe
                                                                            • Opcode Fuzzy Hash: 9f082e904c75eed330b1fd2711d1ca66a41d596ac3e5d2f7b057867ed122ec3f
                                                                            • Instruction Fuzzy Hash: CD51B430600B0687D720AF65DD89BE7B7E4FF56344F1049ADE5E98B222EBB1E845C742
                                                                            APIs
                                                                              • Part of subcall function 00447FF0: SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 00448006
                                                                            • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00434C17
                                                                              • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                            • memset.MSVCR80 ref: 00434C2B
                                                                              • Part of subcall function 00447E60: SendMessageW.USER32(?,00001132,00000000,yLC), ref: 00447E78
                                                                            • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00434CEC
                                                                              • Part of subcall function 004DAF40: _DebugHeapAllocator.LIBCPMTD ref: 004DAF57
                                                                            • memset.MSVCR80 ref: 00434D1D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeapMessageSendmemset$Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler
                                                                            • String ID: pzC
                                                                            • API String ID: 1527497025-2444570644
                                                                            • Opcode ID: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                            • Instruction ID: ed1ee3073941a6660e753338659c4a22794240fa1e9d27d03445b3c6d8f704d4
                                                                            • Opcode Fuzzy Hash: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                            • Instruction Fuzzy Hash: 9C610CB1D01118DBDB14DFA5D891BEEBBB5FF48304F2041AEE10A67281DB386A45CF99
                                                                            APIs
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000010,BB40E64E,?,?,?,?,00BDC6CD,000000FF), ref: 00B928A7
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000010,?,?,?,?,?,?,?,000000FF), ref: 00B928D5
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000010,00000000,?,?,?,?,?,?,?,?,000000FF), ref: 00B92906
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000010,00000000,?,?,?,?,?,?,?,?,?,000000FF), ref: 00B92937
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000010,00000000,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00B92968
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000010,00000000,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00B92999
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000010,00000000,?,?,?,?,?,?,?,?,?,?,?,?,000000FF), ref: 00B929CA
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ??2@
                                                                            • String ID:
                                                                            • API String ID: 1033339047-0
                                                                            • Opcode ID: 9b057b9e533050bb77c67dab2cfc4816063fa117c6fa73d2160d4f68546c6d73
                                                                            • Instruction ID: 7e25b8255ef59f6a2e2261fa52ca77cd6930c1a7a29112e5add75e85c8eb061e
                                                                            • Opcode Fuzzy Hash: 9b057b9e533050bb77c67dab2cfc4816063fa117c6fa73d2160d4f68546c6d73
                                                                            • Instruction Fuzzy Hash: DA415EB1A48301AFDB51EF79889672BBAD4AF84300F144CBEE499C7381EB74D4448F92
                                                                            APIs
                                                                            • lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                            • CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                            • CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: CompareString$lstrlen
                                                                            • String ID: </A>$<A>
                                                                            • API String ID: 1657112622-2122467442
                                                                            • Opcode ID: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                            • Instruction ID: 8d4014fe370238e856f28d0c67f96b0aed6e5c53389ece421d0f182d8b12796b
                                                                            • Opcode Fuzzy Hash: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                            • Instruction Fuzzy Hash: CB5121B4A0421ADFDB04CF88C990BAEB7B2FF84304F108159E915AB3D0DB75A946CF95
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: getenvmallocsscanf
                                                                            • String ID: %ld%c$JPEGMEM$x
                                                                            • API String ID: 677315340-3402169052
                                                                            • Opcode ID: 495c451a687e2d49d351bc00779b056c9d085188ce9cacd4a5c773e25dfe07ee
                                                                            • Instruction ID: 61a1f59de2976d145acded7f64d4f60de8106f02b6ca44f724eb2250f1f57a0a
                                                                            • Opcode Fuzzy Hash: 495c451a687e2d49d351bc00779b056c9d085188ce9cacd4a5c773e25dfe07ee
                                                                            • Instruction Fuzzy Hash: 094153B54087019FD720CF1DC884956FBF4FF82348B108AAEE09A8B661E771E919CF91
                                                                            APIs
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00409943
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00409981
                                                                            • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,0053CC2C,data\images\addEffectDlg\,?,?,?,A7504B2B), ref: 004099A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Image@@Load@
                                                                            • String ID: .png$data\images\addEffectDlg\
                                                                            • API String ID: 1315443971-2820274302
                                                                            • Opcode ID: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
                                                                            • Instruction ID: 99387fa8a9a4026cbf0ab0abdc8698a1dc38235ed2b893dafecf0ce6710d2d8a
                                                                            • Opcode Fuzzy Hash: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
                                                                            • Instruction Fuzzy Hash: 363117B1D1520CABCB04EFA9D945BDDBFB4FB08304F10852EE42577281D7745909CB98
                                                                            APIs
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041C8AC
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041C8EA
                                                                            • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0041C80E,00000049,0053F620,data\images\maindlg\,00000049,?,00000000,A7504B2B,?,0041C80E,0000000C,00000049), ref: 0041C90D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Image@@Load@
                                                                            • String ID: .png$data\images\maindlg\
                                                                            • API String ID: 1315443971-2402009575
                                                                            • Opcode ID: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                            • Instruction ID: 95f2c906bb04f7db6848c29b7cfe536fa7cadaced1f5336b0e2a281727f52370
                                                                            • Opcode Fuzzy Hash: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                            • Instruction Fuzzy Hash: AD312DB1D05248EBCB04EFA5D986BDDBBB4FF18714F10452EE01577291D7746A08CBA8
                                                                            APIs
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                              • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041DB9C
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                              • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0041DBDA
                                                                            • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,005405C4,data\images\maindlg\,?,?,?,A7504B2B,Zoom in,CameraDlg\btn_zoomIn,00000000,?), ref: 0041DBFD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$Image@@Load@
                                                                            • String ID: .png$data\images\maindlg\
                                                                            • API String ID: 1315443971-2402009575
                                                                            • Opcode ID: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
                                                                            • Instruction ID: d4b00160755fc9498c9e644aa4a373da1a989c0672b95b20752ea7274bdd65c2
                                                                            • Opcode Fuzzy Hash: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
                                                                            • Instruction Fuzzy Hash: 03313AB1D052089BCB04EF94D945BDEBBB4FB48318F20852EE516772C1D7746A48CBA8
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: fprintf
                                                                            • String ID: libpng warning no. %s: %s$libpng warning: %s
                                                                            • API String ID: 383729395-566911401
                                                                            • Opcode ID: 65b62045444eb78d5d87a65db8437c79585de537338a750968a56d3bcfbde8c8
                                                                            • Instruction ID: e0ab4292319692668b67a7dd27caced310a29b2d6add869bdde559447d9a2613
                                                                            • Opcode Fuzzy Hash: 65b62045444eb78d5d87a65db8437c79585de537338a750968a56d3bcfbde8c8
                                                                            • Instruction Fuzzy Hash: 55016F7150018117D3105B2CDC699BABFE5DFC1308F8844C9E4C6A77A3E6B59859C251
                                                                            APIs
                                                                            • SendMessageA.USER32(?,00000405,00000001,?), ref: 00B95ED7
                                                                            • cvError.CXCORE099(000000E5,cvSetTrackbarPos,NULL trackbar or window name,.\window_w32.cpp,00000598), ref: 00B95EFF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMessageSend
                                                                            • String ID: .\window_w32.cpp$NULL trackbar or window name$cvSetTrackbarPos
                                                                            • API String ID: 1924224178-4125994439
                                                                            • Opcode ID: cc48e50baa1b15bb6e6a0d656f6a5977fe27b3b1f24b502850425103ba423133
                                                                            • Instruction ID: 01105c9005d03b47ba9b790a42b0265292d4408bafe1803f4d551e62902e925e
                                                                            • Opcode Fuzzy Hash: cc48e50baa1b15bb6e6a0d656f6a5977fe27b3b1f24b502850425103ba423133
                                                                            • Instruction Fuzzy Hash: AEF0F933680F10178E32AA29AC02E6BA2D59BD0F30B0B05F9F558E7291FB21EC0147A1
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE0FD
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004AE111
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004AE11F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533079,000000FF,?,004CA363,004C9539), ref: 004AE12E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
                                                                            • Instruction ID: 992c7d1c538af7c9c0ce4edad66a1111de3b001cb72a08a5d5271ad12714ae45
                                                                            • Opcode Fuzzy Hash: ae87a26418053443f0edf2846f8f275329f855a056418cc1095f19f45bc3fa38
                                                                            • Instruction Fuzzy Hash: CCF04FB1944648EBCB14DF94ED45FDDBB78FB14720F50426AF812A32D0DB756A08CB54
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?,A7504B2B), ref: 0043080D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 00430821
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0043082F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?), ref: 0043083E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                            • Instruction ID: 84ce0209dc11d6b23fc1989ca18a4f5fc0ac43ec5a2d3810fda43137453e27bd
                                                                            • Opcode Fuzzy Hash: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                            • Instruction Fuzzy Hash: FCF0A9B1944248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B,A7504B2B), ref: 004E281D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004E2831
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004E283F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B), ref: 004E284E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                            • Instruction ID: 0a4d440cb5536f40db0fd076e9c7fc5d2a12fc606929b1cb6c9b0b09eff913f8
                                                                            • Opcode Fuzzy Hash: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                            • Instruction Fuzzy Hash: B4F03CB1944648EBCB14DF94ED45B9DBB78FB14720F50426AA812A32D0DB756A08CB54
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?,A7504B2B), ref: 004128BD
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004128D1
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004128DF
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?), ref: 004128EE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                            • Instruction ID: 4f722f1132bf029aa43680a0f31b4d6b59234f2f3b0eea29470ee80f38ab1d71
                                                                            • Opcode Fuzzy Hash: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                            • Instruction Fuzzy Hash: B3F08CB1904248EBCB14DF90ED41B9DBB78FB04720F40022AB812A32C0EB756A08CB54
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000,A7504B2B), ref: 004D496D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004D4981
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004D498F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000), ref: 004D499E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                            • Instruction ID: 2198fcef12488e2d17d3691da39b82749544227340ee56d3737a145847e009f6
                                                                            • Opcode Fuzzy Hash: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                            • Instruction Fuzzy Hash: 21F0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBCD
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0048EBE1
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048EBEF
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBFE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                            • Instruction ID: 92daabea73afc4e90302cbcf7baf13e44f6b9f868eface51cfc7e975ed78bb7a
                                                                            • Opcode Fuzzy Hash: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                            • Instruction Fuzzy Hash: 95F03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AE812A32D0DB756A08CB54
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044ED7D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0044ED91
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0044ED9F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044EDAE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                            • Instruction ID: f5a7866f547bb55f07dc25e2db114e65ea79899798aec203e725cd6f1ff4eb0e
                                                                            • Opcode Fuzzy Hash: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                            • Instruction Fuzzy Hash: E2F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0EB756A08CB54
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D3D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 00430D51
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00430D5F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D6E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EECD
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0049EEE1
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0049EEEF
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EEFE
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F03D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0048F051
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F05F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F06E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154CD
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 005154E1
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 005154EF
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154FE
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5CD
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0048F5E1
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F5EF
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5FE
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051591D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 00515931
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0051593F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051594E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5A9D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 004B5AB1
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5ABF
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5ACE
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA4D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0048FA61
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FA6F
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA7E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BAD
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 00411BC1
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00411BCF
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BDE
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: 91c4acec3fcf390d7650ee22321e3af3fea277019d6c7fd99ac7c15ae0389148
                                                                            • Instruction ID: ab577654a64f9acfc70fc64036853a5e06cda14a9969e1db11fea8e1d234e52f
                                                                            • Opcode Fuzzy Hash: 91c4acec3fcf390d7650ee22321e3af3fea277019d6c7fd99ac7c15ae0389148
                                                                            • Instruction Fuzzy Hash: 4EF08CB1904248EBCB14DF90ED41B9DBB78FB14720F40022AA822A32C0DB756A08CB54
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B,A7504B2B), ref: 00413D8D
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 00413DA1
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00413DAF
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B), ref: 00413DBE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: 448ea5f94cb60192865ba4fbef2add8389144e365060ecc549b7188aeb5b01d7
                                                                            • Instruction ID: 9c1b3f4287bc4e1579ca5606d1e83d7bd75289f32f9710707e675685a1b0ed81
                                                                            • Opcode Fuzzy Hash: 448ea5f94cb60192865ba4fbef2add8389144e365060ecc549b7188aeb5b01d7
                                                                            • Instruction Fuzzy Hash: 35F08CB1904248EBCB14DF90ED45B9DBB78FB04720F40022AA822A32C0DB756A08CB54
                                                                            APIs
                                                                            • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,A7504B2B,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEAD
                                                                            • std::bad_exception::bad_exception.LIBCMTD ref: 0048FEC1
                                                                            • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FECF
                                                                            • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEDE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                            • String ID: vector<T> too long
                                                                            • API String ID: 3248949544-3788999226
                                                                            • Opcode ID: 27461d1cee31f37f4b12f43d61b2addfb9a3f208f85983c24dba573d14a14082
                                                                            • Instruction ID: 5f6de052f28c2a1b459ecf3d81b30dea1840ef8b00bbd3f5c657bc7d8005cdfb
                                                                            • Opcode Fuzzy Hash: 27461d1cee31f37f4b12f43d61b2addfb9a3f208f85983c24dba573d14a14082
                                                                            • Instruction Fuzzy Hash: 0AF0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ??2@??3@_setjmp3fclosefopen
                                                                            • String ID:
                                                                            • API String ID: 1448151454-0
                                                                            • Opcode ID: 291fe1d9f172636f3e291bf8b6812345e5dcda22a56255e5b6fa00555a86c8bc
                                                                            • Instruction ID: d06e7f98f4fce1b563f259670deb6dac49d5ca5a697b9d842b0c1adfd2f27970
                                                                            • Opcode Fuzzy Hash: 291fe1d9f172636f3e291bf8b6812345e5dcda22a56255e5b6fa00555a86c8bc
                                                                            • Instruction Fuzzy Hash: AE5139B1D002689BDF34DF24CC81BDEB7B8AB14704F1445EAE919A7241EA719AC4CF91
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: wcscatwcscpy
                                                                            • String ID:
                                                                            • API String ID: 1670345547-0
                                                                            • Opcode ID: e2b6f5d47b797e7b3fc719e1e1982e1acc003f1d96efd1ad022790a38e43f0aa
                                                                            • Instruction ID: 3389ee2cf22810ea72753d2d0cc2d0bc4eb9618de903a8545642f9e6fbc98239
                                                                            • Opcode Fuzzy Hash: e2b6f5d47b797e7b3fc719e1e1982e1acc003f1d96efd1ad022790a38e43f0aa
                                                                            • Instruction Fuzzy Hash: BF714EB5A0010ADFCB14CF54D984AAEBBB5FF85310F148998E90AAB381D770EE44CF65
                                                                            APIs
                                                                            • ?good@ios_base@std@@QBE_NXZ.MSVCP80(A7504B2B,?,?,?,A7504B2B,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,A7504B2B), ref: 00503E2C
                                                                            • ?flags@ios_base@std@@QBEHXZ.MSVCP80(?,?,?,A7504B2B,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,A7504B2B), ref: 00503E81
                                                                            • ?getloc@ios_base@std@@QBE?AVlocale@2@XZ.MSVCP80(0050260E,?,?,?,A7504B2B,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,A7504B2B), ref: 00503E9F
                                                                            • ??1locale@std@@QAE@XZ.MSVCP80(?,A7504B2B,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,A7504B2B), ref: 00503ECE
                                                                            • ?good@ios_base@std@@QBE_NXZ.MSVCP80(?,?,?,A7504B2B,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,A7504B2B), ref: 00503FD0
                                                                              • Part of subcall function 00503AA0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80 ref: 00503ABD
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ?good@ios_base@std@@$??1locale@std@@?fail@ios_base@std@@?flags@ios_base@std@@?getloc@ios_base@std@@Vlocale@2@
                                                                            • String ID:
                                                                            • API String ID: 1501252752-0
                                                                            • Opcode ID: ddfaf7a637f4d78839835dee01d19acffd7136be91526d35f5f5c0920258139d
                                                                            • Instruction ID: 6ba259f0433efdbda44c084f56a44e9fe0f1a453adb065355b40409e40917acf
                                                                            • Opcode Fuzzy Hash: ddfaf7a637f4d78839835dee01d19acffd7136be91526d35f5f5c0920258139d
                                                                            • Instruction Fuzzy Hash: 9961F874E002099FCB04DFA4D995AEEBBF5FF89300F248159E502A7392DB36AE05DB50
                                                                            APIs
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,00000000,00000000,00000000), ref: 00B95149
                                                                              • Part of subcall function 00B94F90: GdiFlush.GDI32(00B95056,?,?,00000000,00000000,00000000), ref: 00B94F93
                                                                              • Part of subcall function 00B94F90: GetCurrentObject.GDI32(?,00000007), ref: 00B94FA3
                                                                              • Part of subcall function 00B94F00: GetClientRect.USER32(?,00000000), ref: 00B94F0F
                                                                              • Part of subcall function 00B94F00: GetWindowRect.USER32(?,?), ref: 00B94F22
                                                                              • Part of subcall function 00B94F00: SubtractRect.USER32(?,?,?), ref: 00B94F41
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,00000000), ref: 00B950B0
                                                                            • GetClientRect.USER32(?,?), ref: 00B950BB
                                                                            • GetWindowRect.USER32(?,?), ref: 00B950CA
                                                                            • MoveWindow.USER32(?,?,?,00000001,00000001,00000001,?,?,?,?,00000000,00000000), ref: 00B95106
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: RectWindow$Move$Client$CurrentFlushObjectSubtract
                                                                            • String ID:
                                                                            • API String ID: 1830049877-0
                                                                            • Opcode ID: 47e49916515b5b45f3a5eed3e55e8203f3d94b25e291275b671f28226cd7c067
                                                                            • Instruction ID: c7e261da9445f927d84646201548ba3b1631921ca65e40c5186dfadc23442445
                                                                            • Opcode Fuzzy Hash: 47e49916515b5b45f3a5eed3e55e8203f3d94b25e291275b671f28226cd7c067
                                                                            • Instruction Fuzzy Hash: 50416C71614201AFCB04DF68DD85EABBBE9FFC8314F048A6DF989A3214D634E945CB91
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00506F28
                                                                              • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000004,00565168,A7504B2B,?,?,?,?,?,?,?,?,?,?,00539108,000000FF), ref: 00506F2F
                                                                            • codecvt.LIBCPMTD ref: 00506F9F
                                                                            • wcstol.MSVCR80 ref: 00506FEE
                                                                            • codecvt.LIBCPMTD ref: 00507011
                                                                              • Part of subcall function 00415BF0: ??3@YAXPAX@Z.MSVCR80(?,?,?,00415B3D,00000000,?,00415660,?,00000000,?,00415162,?,?,004141EC,00000000,?), ref: 00415C0B
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeapcodecvt$??2@??3@wcstol
                                                                            • String ID:
                                                                            • API String ID: 74129304-0
                                                                            • Opcode ID: f820b669af4b91f01ff1afac2cb9a1d8ae762e6116985bebba3912421fffcbed
                                                                            • Instruction ID: 6d66b3f1b8e0294eece4e25a7ed8cbe839a85e6d975fee0ec5976f71f30e8fe7
                                                                            • Opcode Fuzzy Hash: f820b669af4b91f01ff1afac2cb9a1d8ae762e6116985bebba3912421fffcbed
                                                                            • Instruction Fuzzy Hash: 7E4103B0D05209EFDB14DF94D895BEEBBB0BB48314F20852AE416AB2C0DB756A45CF94
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: strchr$tolower
                                                                            • String ID:
                                                                            • API String ID: 1960513771-0
                                                                            • Opcode ID: 78d6ed3ac16ddc681d6d304668006f0464c0f222f9c586bfa0624076d78cdd1e
                                                                            • Instruction ID: 4bca845c4c878a1a561266e20a3a86b4ae2f956c531e1195ae80e54aa7a9dc9a
                                                                            • Opcode Fuzzy Hash: 78d6ed3ac16ddc681d6d304668006f0464c0f222f9c586bfa0624076d78cdd1e
                                                                            • Instruction Fuzzy Hash: E3313A7254431657CF20DFA4AC8076AB7D5EF9A311F08047AEE44E7211FE72D94A87A1
                                                                            APIs
                                                                            • lstrlenW.KERNEL32(00000000,00569E8C), ref: 0046C121
                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C16B
                                                                            • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C17D
                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C19E
                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080,?,00000000,00000000,00000000), ref: 0046C1DC
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                            • String ID:
                                                                            • API String ID: 3322701435-0
                                                                            • Opcode ID: cbcd1fa559f8ae4230e768bd00e513c0907913d8661ee28b925d20b683ff2109
                                                                            • Instruction ID: c9f41260a9b7f310c3a2772d0b559dbbeee8ca943a5465fee336bfd2e85e9abf
                                                                            • Opcode Fuzzy Hash: cbcd1fa559f8ae4230e768bd00e513c0907913d8661ee28b925d20b683ff2109
                                                                            • Instruction Fuzzy Hash: E3310DB5A40208BFEB04DF94CC96FAF77B9FB48704F108549F615EB280D675A940DB94
                                                                            APIs
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00405E22
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,00000004,00000004,00000005), ref: 00405E2F
                                                                              • Part of subcall function 004052F0: cvSet.CXCORE099(?,?,?,?,?,?,00000000,?,00401783), ref: 0040530E
                                                                            • cvGEMM.CXCORE099(00000000,?), ref: 00405E67
                                                                            • cvCopy.CXCORE099(00000000,00000000,00000000,00000000,?), ref: 00405E70
                                                                            • cvScaleAdd.CXCORE099(00000000), ref: 00405EC9
                                                                            Similarity
                                                                            • API ID: Create$CopyScale
                                                                            • String ID:
                                                                            • API String ID: 461463502-0
                                                                            • Opcode ID: 9b155aa8d9b7d350014ff22c71609d5e50d78062370eef75407f380a65ed93fa
                                                                            • Instruction ID: 243994d87a2382b29a994a3e478baa9f1873f37bc1af83bd278c7c66fdfcfe6b
                                                                            • Opcode Fuzzy Hash: 9b155aa8d9b7d350014ff22c71609d5e50d78062370eef75407f380a65ed93fa
                                                                            • Instruction Fuzzy Hash: 322129B2E0061076D7103B65DC4BB577B68DF40754F410869FE84AB2E2F97289208BD6
                                                                            APIs
                                                                            • EnterCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C38
                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C45
                                                                            • SetEvent.KERNEL32(0000000A,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C60
                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?), ref: 00520C6C
                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C76
                                                                            Similarity
                                                                            • API ID: CriticalSection$Leave$EnterEventObjectSingleWait
                                                                            • String ID:
                                                                            • API String ID: 2480823239-0
                                                                            • Opcode ID: 69de553fff6750679b5045ee798069faca8b5646966b91e150a6d47a83d5acfd
                                                                            • Instruction ID: 20fc61db396638aa89e1fa09a044bcff496ff3b65396fda0f4d22a802af35d76
                                                                            • Opcode Fuzzy Hash: 69de553fff6750679b5045ee798069faca8b5646966b91e150a6d47a83d5acfd
                                                                            • Instruction Fuzzy Hash: 12F05E761002109BD320DB19EC4899BF7B8EFE5731B008A1EF66693760C774A84ADB50
                                                                            APIs
                                                                            • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(00000000,00000000,?,0047AE1E), ref: 0048B46C
                                                                            • ?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z.MSVCP80(?,?,0047AE1E), ref: 0048B47E
                                                                            • ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ.MSVCP80(?,0047AE1E), ref: 0048B487
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0047AE1E), ref: 0048B497
                                                                            • ?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z.MSVCP80(00000000,?,0047AE1E), ref: 0048B4A7
                                                                            Similarity
                                                                            • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?at@?$basic_string@_?empty@?$basic_string@_?resize@?$basic_string@_?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@
                                                                            • String ID:
                                                                            • API String ID: 4057328569-0
                                                                            • Opcode ID: c7ba979821146be9279d2770a084e86471b0649c4ca3e01649a5b532db9d5204
                                                                            • Instruction ID: d80ad3f19352604951a50fa2e2320d740545fe158bc114347127201c31090748
                                                                            • Opcode Fuzzy Hash: c7ba979821146be9279d2770a084e86471b0649c4ca3e01649a5b532db9d5204
                                                                            • Instruction Fuzzy Hash: 20F05434901208EFDF04DF94E9969ACBBB5FF54301F1040A9E906A7362CB306F54EB94
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0042C9E5
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0042C9F7
                                                                              • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,A7504B2B,000000FF,?,004AB79D), ref: 0042F974
                                                                              • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                              • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                              • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                              • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                              • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                              • Part of subcall function 0042E150: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                              • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$DateFormat_invalid_parameter_noinfo
                                                                            • String ID: www.manycam.com$www.manycam.com
                                                                            • API String ID: 553431348-1145362033
                                                                            • Opcode ID: 907b669c7419f88507c8a825532ba4f2d68d0285e46d80b14031e18f66ef58df
                                                                            • Instruction ID: 55a663fd7b0127f2866d6ce172646f00f7e0cf50757378cb7dafc49b07509b25
                                                                            • Opcode Fuzzy Hash: 907b669c7419f88507c8a825532ba4f2d68d0285e46d80b14031e18f66ef58df
                                                                            • Instruction Fuzzy Hash: 47414271A001199BCB08DB99E891BEEB7B5FF48318F54412EE212B7391DB385944CBA9
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AD389
                                                                              • Part of subcall function 004AC570: Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004AC59F
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_clock$AllocatorDebugHeap
                                                                            • String ID: CFileMapping::GetClientInfo$Client %s connected at resolution %dx%d.$d
                                                                            • API String ID: 3697921549-1386559697
                                                                            • Opcode ID: 7fe720bde0584b662ff5a6456fcc0a7a9370bb05cd906dda38ab630ce944b94b
                                                                            • Instruction ID: 7d5e3eb7a6a05b16b4464e10eb127672eeae9fc856bbeaa4b7ff7cd70146af52
                                                                            • Opcode Fuzzy Hash: 7fe720bde0584b662ff5a6456fcc0a7a9370bb05cd906dda38ab630ce944b94b
                                                                            • Instruction Fuzzy Hash: 5E515971D00109DFCB08DB94D892BEEBBB1FB65314F10822EE4126B6D2DB786A05CB95
                                                                            APIs
                                                                              • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                              • Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184
                                                                            • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734D8
                                                                            • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734ED
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueWork
                                                                            • String ID: Success.$Unspecified error.
                                                                            • API String ID: 1131629171-706436185
                                                                            • Opcode ID: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
                                                                            • Instruction ID: bc827c14786d1c61271ce0a8054c91633283c620aa6f54ee5145cccaa2d137c5
                                                                            • Opcode Fuzzy Hash: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
                                                                            • Instruction Fuzzy Hash: BA417071801148EECB04EBD5D956BEEBBB4EF14308F10815EE416771D1EB782B08CBA6
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • _Smanip.LIBCPMTD ref: 004B1372
                                                                              • Part of subcall function 00520530: memset.MSVCR80 ref: 00520538
                                                                            • _Smanip.LIBCPMTD ref: 004B1421
                                                                              • Part of subcall function 005204F0: CoTaskMemFree.OLE32(?,?,004B1A46,000000FF,000000FF,?,?,?,?,A7504B2B), ref: 005204FD
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Smanipclock$AllocatorDebugFreeHeapTaskmemset
                                                                            • String ID: CGraphMgr::GetCameraResolution$vids
                                                                            • API String ID: 3774843521-3834299117
                                                                            • Opcode ID: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
                                                                            • Instruction ID: e56a76c056f848615ba6731e9865e0c3898b4e488a6d99c30ba1f2ebbdeffdb9
                                                                            • Opcode Fuzzy Hash: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
                                                                            • Instruction Fuzzy Hash: 45411A70900209DFCB14DF95D991BDEBBB4BF48304F50819EE509AB392DB34AA45CFA4
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,?,0000004E,00000000), ref: 004181E3
                                                                            • SendMessageW.USER32(00000000,?,00000111), ref: 00418234
                                                                              • Part of subcall function 004182A0: GetDlgCtrlID.USER32(?), ref: 004182AD
                                                                              • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent
                                                                            • String ID: open
                                                                            • API String ID: 1383977212-2758837156
                                                                            • Opcode ID: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                            • Instruction ID: c0f4561a2c49f87f87505e6ad243b5dafbf5b9024aec12e38c733bc4d86155cd
                                                                            • Opcode Fuzzy Hash: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                            • Instruction Fuzzy Hash: FD313E70A042599FEF08DBA5DC51BFEBBB5BF48304F14415DE506B73C2CA38A9418B69
                                                                            APIs
                                                                              • Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0040D74B
                                                                              • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                              • Part of subcall function 0040E970: GetWindowRect.USER32(?,?), ref: 0040E981
                                                                            • MoveWindow.USER32(00000064,00000000,00000000,?,?,00000000,?,0053D874,00000000,?,00000499), ref: 0040D7C2
                                                                              • Part of subcall function 0040E950: SendMessageW.USER32(00000000,00000445,?,0040D7DD), ref: 0040E963
                                                                              • Part of subcall function 0040EFF0: SendMessageW.USER32(?,000000C5,00000000,00000000), ref: 0040F008
                                                                              • Part of subcall function 0040E990: SetFocus.USER32(?,?,?,00434E57,?,00000000,?), ref: 0040E99D
                                                                              • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                              • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                              • Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
                                                                              • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                              • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$AllocatorDebugHeapMessageParentRectSend$FocusInfoItemLongMoveParametersSystem
                                                                            • String ID: d$d
                                                                            • API String ID: 3921613472-195624457
                                                                            • Opcode ID: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
                                                                            • Instruction ID: 3ca6db3b2f9967b65cd4f0e061b2cad756e61815fc9b19dab2999dc164d22b62
                                                                            • Opcode Fuzzy Hash: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
                                                                            • Instruction Fuzzy Hash: F3312D71A01109AFDB04DFEDD995FAEB7B6AF48308F14455CF202B72C1CA74AA10CB68
                                                                            APIs
                                                                            • memcpy.MSVCR80(?,?,?,76933EB0,?,?,00B95D3F,?), ref: 00B955D3
                                                                            • sprintf.MSVCR80 ref: 00B955FD
                                                                            • SetWindowTextA.USER32(?,?), ref: 00B9560F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: TextWindowmemcpysprintf
                                                                            • String ID: %s: %d
                                                                            • API String ID: 457325812-423524997
                                                                            • Opcode ID: 1dc2849f7f1626032afb6999546c4c1ab861cf61429b70623d9d30a6caf0e3ef
                                                                            • Instruction ID: 5d2d9598dacc4338e5b5b2b8b6803877c57b341679dd6eaa7ad1a8cbba9f3822
                                                                            • Opcode Fuzzy Hash: 1dc2849f7f1626032afb6999546c4c1ab861cf61429b70623d9d30a6caf0e3ef
                                                                            • Instruction Fuzzy Hash: 33219175108740AFC721CF25D88196BBBF9EF98704B04C9ADE8C987312E735E945DB52
                                                                            APIs
                                                                            • CreateFileA.KERNEL32(?,-80000000,00000001,00000000,00000002,00000001,00000000), ref: 00BCC707
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00BCC73F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCreateFileHandle
                                                                            • String ID: %s: Cannot open$TIFFOpen
                                                                            • API String ID: 3498533004-4026200435
                                                                            • Opcode ID: 9fa7475f1f8c408cb180f9576db3e9d2d0aa7ccdc6de5f5b94b2e46478c5df03
                                                                            • Instruction ID: 75ce6e9b07683cdfbba1876e67e6f17c8176b9183a54916414889030f92f0e68
                                                                            • Opcode Fuzzy Hash: 9fa7475f1f8c408cb180f9576db3e9d2d0aa7ccdc6de5f5b94b2e46478c5df03
                                                                            • Instruction Fuzzy Hash: 0F1125B67801002BE7242138AD9AF7B0ACAC3E1322F2455BFFA1AD72D2E6688C455161
                                                                            Strings
                                                                            • Error, xrefs: 0041D74C
                                                                            • Error opening properties for this camera., xrefs: 0041D751
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Error$Error opening properties for this camera.
                                                                            • API String ID: 0-2118436274
                                                                            • Opcode ID: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
                                                                            • Instruction ID: 147417b0d663a9565f7becfaf8392b6f7256af2672039c8dcafe371fef67c71d
                                                                            • Opcode Fuzzy Hash: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
                                                                            • Instruction Fuzzy Hash: 1B212CB0D00208EFDB04EFA5DD92BEEBBB4EB04718F10052EE416A72D1DB786945DB95
                                                                            APIs
                                                                              • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                              • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                            • clock.MSVCR80 ref: 00438AA7
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeapclockfflushfwprintf
                                                                            • String ID: >>> Entering: %s$ob@
                                                                            • API String ID: 1338021872-1849792878
                                                                            • Opcode ID: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                            • Instruction ID: e5c4b020fe9bb3bd421ac8dd4bd2dede87d7f0cb66a8b34f549f2a89e30843bb
                                                                            • Opcode Fuzzy Hash: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                            • Instruction Fuzzy Hash: 9D216075900209AFDB04EF94C942AEEBB74FF44718F10852DF816A73C1DB746A04CBA5
                                                                            APIs
                                                                            • cvError.CXCORE099(000000E5,cvGetTrackbarPos,NULL trackbar or window name,.\window_w32.cpp,0000057F), ref: 00B95E77
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Error
                                                                            • String ID: .\window_w32.cpp$NULL trackbar or window name$cvGetTrackbarPos
                                                                            • API String ID: 2619118453-2331188912
                                                                            • Opcode ID: 72b58fcac94dba6a742596d0f2b648c30bb499d182e0f4529f793c5707c65d08
                                                                            • Instruction ID: ac55a2b866f9bc443379176e952838765a4a33b21ee8f5653bd29c69528a4ae3
                                                                            • Opcode Fuzzy Hash: 72b58fcac94dba6a742596d0f2b648c30bb499d182e0f4529f793c5707c65d08
                                                                            • Instruction Fuzzy Hash: 79E02B72785E20175D32791D5C4295BA3C8CEC0BB1F1902F6BD28A72E2E311DD0143A5
                                                                            APIs
                                                                            • cvError.CXCORE099(000000E5,cvSetMouseCallback,NULL window name,.\window_w32.cpp,00000566), ref: 00B95DFF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Error
                                                                            • String ID: .\window_w32.cpp$NULL window name$cvSetMouseCallback
                                                                            • API String ID: 2619118453-1583835266
                                                                            • Opcode ID: d048767335b26e22f9f0dcfe9a753bf023ebdc686729dd30eb544e674a04c860
                                                                            • Instruction ID: d38c94edc509e5fe4b630db5f150642e254ab441e946c1d9015146509b7754c8
                                                                            • Opcode Fuzzy Hash: d048767335b26e22f9f0dcfe9a753bf023ebdc686729dd30eb544e674a04c860
                                                                            • Instruction Fuzzy Hash: 1AE086B1A8C7316F8F209F15BC41E5773D09B84760F0646EAF859673E5E270DD408AE9
                                                                            APIs
                                                                            Strings
                                                                            • NULL row buffer for row %ld, pass %d, xrefs: 00BB48B6
                                                                            • png_do_dither returned rowbytes=0, xrefs: 00BB4B11
                                                                            • png_do_rgb_to_gray found nongray pixel, xrefs: 00BB49A7, 00BB49BE
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: sprintf
                                                                            • String ID: NULL row buffer for row %ld, pass %d$png_do_dither returned rowbytes=0$png_do_rgb_to_gray found nongray pixel
                                                                            • API String ID: 590974362-2735929073
                                                                            • Opcode ID: fc4858867437b85e1b3b4d14673a4cc97ed7bf3532f4049da0ba6a59cb1c2a6e
                                                                            • Instruction ID: c155a1adaf940811f3365b0854e8fe5714f6b3876c794b8f12b962f42b3aaeee
                                                                            • Opcode Fuzzy Hash: fc4858867437b85e1b3b4d14673a4cc97ed7bf3532f4049da0ba6a59cb1c2a6e
                                                                            • Instruction Fuzzy Hash: 3AD13B75500B409BE72ADA34C885BF7B7E8FF55308F04894CE9EB42252EBB1B946C760
                                                                            APIs
                                                                            • GetFocus.USER32 ref: 004186F4
                                                                              • Part of subcall function 00408360: lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                              • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                              • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                              • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                              • Part of subcall function 00418A60: SetBkMode.GDI32(?,00000001), ref: 00418A71
                                                                              • Part of subcall function 00418A40: SelectObject.GDI32(?,?), ref: 00418A51
                                                                            • GetSysColor.USER32(00000011), ref: 004184AA
                                                                              • Part of subcall function 00418810: DeleteDC.GDI32(00000000), ref: 00418824
                                                                            • GetFocus.USER32 ref: 0041858A
                                                                              • Part of subcall function 00418AF0: DrawTextW.USER32(00000000,?,00000000,?,000000FF), ref: 00418B0D
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: CompareFocusString$ClientColorDeleteDrawModeObjectRectSelectTextlstrlen
                                                                            • String ID:
                                                                            • API String ID: 1926319676-0
                                                                            • Opcode ID: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
                                                                            • Instruction ID: 8fd3581a3690b51667abaed722c69e7692ca1fee28cda492897b23429118541a
                                                                            • Opcode Fuzzy Hash: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
                                                                            • Instruction Fuzzy Hash: DCD1FA719002089FDB08DF95C891AEEBBB5FF48344F14811EE5166B392DF39A985CF94
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0047326B
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004732C6
                                                                              • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00473373
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004733BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap
                                                                            • String ID:
                                                                            • API String ID: 571936431-0
                                                                            • Opcode ID: 8d22956a6eca960c08d3dff8719a7386b74edfd0f08a11446174f923434c786a
                                                                            • Instruction ID: ba553dcd13a5858e603f1fb76aea40c35e3a739926aa5d8f94fbf40c4e6c359d
                                                                            • Opcode Fuzzy Hash: 8d22956a6eca960c08d3dff8719a7386b74edfd0f08a11446174f923434c786a
                                                                            • Instruction Fuzzy Hash: 38716C71D04248EFCB08EFA5C891BEEBBB1AF44304F10856EE416BB2D1DB385A05CB94
                                                                            APIs
                                                                            • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437873
                                                                              • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                            • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437893
                                                                            • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437911
                                                                            • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437931
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler$AllocatorDebugHeap
                                                                            • String ID:
                                                                            • API String ID: 3769596188-0
                                                                            • Opcode ID: ae50dedc5bff3189a4c5ee1f5f7d387c5ef5596cba0e4c588fdb73d77bb84b94
                                                                            • Instruction ID: e04cd424ada27803d4de57edeb00dc09ccd5da108a2e1a4cd45ff0b3344883ed
                                                                            • Opcode Fuzzy Hash: ae50dedc5bff3189a4c5ee1f5f7d387c5ef5596cba0e4c588fdb73d77bb84b94
                                                                            • Instruction Fuzzy Hash: 2551C9B1D052089BCB08EFD5D851AEEBBB5EF48304F10816EE415AB391DB386905CB95
                                                                            APIs
                                                                            • cvGetImageROI.CXCORE099(?,?), ref: 00B926C7
                                                                            • SetStretchBltMode.GDI32(?,00000003), ref: 00B9275A
                                                                            • ?Bpp@CvvImage@@QAEHXZ.HIGHGUI099(?), ref: 00B92769
                                                                            • StretchDIBits.GDI32(?,?,?,?,?,?,?,?,?,00000000,?,00000000,00CC0020), ref: 00B927BA
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Stretch$BitsBpp@ImageImage@@Mode
                                                                            • String ID:
                                                                            • API String ID: 903276727-0
                                                                            • Opcode ID: eaed336cc03e6299236130fb3d09c1137e5752df490cb6fef800b920e2ec2e57
                                                                            • Instruction ID: d33e4b584b8a5fcd6e8124d373eaa555f33c95320f3ebaca0963d1eb6e5ccf4a
                                                                            • Opcode Fuzzy Hash: eaed336cc03e6299236130fb3d09c1137e5752df490cb6fef800b920e2ec2e57
                                                                            • Instruction Fuzzy Hash: ED41F1B5608200AFC714DF58C880D2BB7E9EB88714F158A6DF69997361D730ED05CBA6
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 005128FB
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0051292B
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00512953
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0051297B
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                              • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                              • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E5EC
                                                                              • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E623
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$wcscpy
                                                                            • String ID:
                                                                            • API String ID: 147117728-0
                                                                            • Opcode ID: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
                                                                            • Instruction ID: 4db675f979ab1b4fcf933bf1fc0f7ec6c4e65dab18244cadebc46eb2865c177d
                                                                            • Opcode Fuzzy Hash: d0bbc9be73f287d5b3265cda2ea85270813d23556e8a0590b6fb4fd8d4f8cf1c
                                                                            • Instruction Fuzzy Hash: FF512AB0906259DFEB14DF58D899BAEBBB5BF48304F1042EDE409A7281C7385E44CF95
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DC033
                                                                              • Part of subcall function 004DBE90: _DebugHeapAllocator.LIBCPMTD ref: 004DBEC9
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DC086
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap
                                                                            • String ID:
                                                                            • API String ID: 571936431-0
                                                                            • Opcode ID: c59892185d700c258966fea98a3a67c139e76443b60bb6cbe48b80099f68f78a
                                                                            • Instruction ID: 57ad7a94b4f17953cceabe80b37dddf1255517824b701b9908fe33c64e9df595
                                                                            • Opcode Fuzzy Hash: c59892185d700c258966fea98a3a67c139e76443b60bb6cbe48b80099f68f78a
                                                                            • Instruction Fuzzy Hash: 855108B1D01209EFCB04DF98D991BEEBBB5EF48314F20821EE415A7381D7786A05CBA5
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DBEC9
                                                                              • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000020,00000000,?,A7504B2B,?,?,?,?,?,?,00000000,005360A4,000000FF,?,004DC043,?), ref: 004DBF07
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004DBF32
                                                                            • codecvt.LIBCPMTD ref: 004DBF91
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$??2@Base::Concurrency::details::PolicySchedulercodecvt
                                                                            • String ID:
                                                                            • API String ID: 2274784594-0
                                                                            • Opcode ID: b34eaf5f8b4bc995a75b7663f0490cbbca256718e0fc2991ba0d564274ad3819
                                                                            • Instruction ID: a5f5fe00beb6dc335f7db01107ea1e8339e23b863d8d973fd5a3badf8319c300
                                                                            • Opcode Fuzzy Hash: b34eaf5f8b4bc995a75b7663f0490cbbca256718e0fc2991ba0d564274ad3819
                                                                            • Instruction Fuzzy Hash: 4241C3B1D00209EFCB04DF99D855BEEBBB5FB48314F10822EE825A7380D7786A41CB95
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                              • Part of subcall function 004CDD10: _DebugHeapAllocator.LIBCPMTD ref: 004CDD47
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                              • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap
                                                                            • String ID:
                                                                            • API String ID: 571936431-0
                                                                            • Opcode ID: d8dd091d62933aa0e0d22cb533b24b345fb768a8967b578f071013b0fdbbec97
                                                                            • Instruction ID: 38e3a450d274fc90888437ce31c1c227629e1880207a410873065ac097306c4e
                                                                            • Opcode Fuzzy Hash: d8dd091d62933aa0e0d22cb533b24b345fb768a8967b578f071013b0fdbbec97
                                                                            • Instruction Fuzzy Hash: 9B411771D01109EFDB04EFA5C992BEEBBB4AF14304F10852EE512B72D1DB746A08CBA5
                                                                            APIs
                                                                            • cvLoadImage.HIGHGUI099(?,?), ref: 00B9218D
                                                                            • cvSetImageROI.CXCORE099(00000000), ref: 00B9221E
                                                                            • cvReleaseImage.CXCORE099(?), ref: 00B92240
                                                                            • cvReleaseImage.CXCORE099(?), ref: 00B92259
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image$Release$Load
                                                                            • String ID:
                                                                            • API String ID: 1413804649-0
                                                                            • Opcode ID: a4d4840bee8ad4b3121e05d0b855a454b0eeaed213024734cef0bc68e88dd3e0
                                                                            • Instruction ID: 07eba4bbf48a00cfa4cfb7fa23020f4433ee28f934a4894164a0a1a2a2c118fc
                                                                            • Opcode Fuzzy Hash: a4d4840bee8ad4b3121e05d0b855a454b0eeaed213024734cef0bc68e88dd3e0
                                                                            • Instruction Fuzzy Hash: 6531EF76A04311AB8B08EF18C98082BB3E6EFC8714F1585BDE80997301DB31ED0ECB91
                                                                            APIs
                                                                              • Part of subcall function 0040DB90: EnableWindow.USER32(?,004233F6), ref: 0040DBA1
                                                                            • memset.MSVCR80 ref: 00423401
                                                                              • Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38
                                                                            • memset.MSVCR80 ref: 00423472
                                                                              • Part of subcall function 00424CB0: SendMessageW.USER32(?,00000432,00000000,004234AC), ref: 00424CC8
                                                                            • GetSysColor.USER32(0000000D), ref: 004234AE
                                                                              • Part of subcall function 00424C50: SendMessageW.USER32(?,00000413,00000000,00000000), ref: 00424C68
                                                                            • GetSysColor.USER32(0000000E), ref: 004234C2
                                                                              • Part of subcall function 00424C80: SendMessageW.USER32(?,00000414,00000000,00000000), ref: 00424C98
                                                                              • Part of subcall function 00424BF0: SendMessageW.USER32(?,0000041A,00000000,00000000), ref: 00424C08
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend$Colormemset$EnableWindow
                                                                            • String ID:
                                                                            • API String ID: 3254005938-0
                                                                            APIs
                                                                              • Part of subcall function 00B91230: AVIFileInit.AVIFIL32(00B91F21), ref: 00B91239
                                                                            • AVIFileOpenA.AVIFIL32(?,?,00000000,00000000), ref: 00B912E1
                                                                            • AVIFileGetStream.AVIFIL32(?,?,73646976,00000000,?,?,00000000,00000000), ref: 00B912FC
                                                                            • AVIStreamInfoA.AVIFIL32(00000000,?,0000008C,?,?,73646976,00000000,?,?,00000000,00000000), ref: 00B91316
                                                                            • AVIStreamGetFrameOpen.AVIFIL32(?,?,00000000), ref: 00B913A5
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID: FileStream$Open$FrameInfoInit
                                                                            • String ID:
                                                                            • API String ID: 3655022341-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Iatan$Isqrt
                                                                            • String ID:
                                                                            • API String ID: 1025909456-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ??2@$_setjmp3fopen
                                                                            • String ID:
                                                                            • API String ID: 2836828308-0
                                                                            APIs
                                                                            • cvPyrDown.CV099(?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034E8
                                                                            • cvPyrDown.CV099(?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034F7
                                                                            • cvSobel.CV099(?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B), ref: 0040350A
                                                                            • cvSobel.CV099(?,?,00000000,00000001,00000003,?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007), ref: 0040351D
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: DownSobel
                                                                            • String ID:
                                                                            • API String ID: 2091289516-0
                                                                            APIs
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0050DF91
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0050DFAD
                                                                              • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                              • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                            • ?Decode@CxImage@@QAE_NPAEKK@Z.CXIMAGECRT(?,?,00000000,?,?,?,?), ref: 0050DFFE
                                                                            • ??3@YAXPAX@Z.MSVCR80(000000FF,?,?,00000000,?,?,?,?), ref: 0050E00D
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap$??3@Decode@Image@@
                                                                            • String ID:
                                                                            • API String ID: 2750522454-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID: sprintf
                                                                            • String ID: %12.12e$sCAL
                                                                            • API String ID: 590974362-3005958862
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Similarity
                                                                            • API ID: freadfseeklongjmpmemcpy
                                                                            • String ID:
                                                                            • API String ID: 2772266533-0
                                                                            APIs
                                                                            • GetTopWindow.USER32(?), ref: 0044648F
                                                                            • GetWindow.USER32(00000000,00000002), ref: 004464A0
                                                                            • SendMessageW.USER32(00000000,?,?,?), ref: 004464BF
                                                                            • GetTopWindow.USER32(00000000), ref: 004464CF
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 1496643700-0
                                                                            APIs
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,A7504B2B,00531700,000000FF,?,00495099), ref: 00491B68
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,A7504B2B,00531700,000000FF,?,00495099), ref: 00491B83
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,A7504B2B,00531700,000000FF,?,00495099,?), ref: 00491BA9
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,A7504B2B,00531700,000000FF,?,00495099,?), ref: 00491BB3
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Myptr@?$basic_string@_U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@_invalid_parameter_noinfo
                                                                            • String ID:
                                                                            • API String ID: 2188846742-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Delete$??3@Objectmemset
                                                                            • String ID:
                                                                            • API String ID: 2240089121-0
                                                                            APIs
                                                                            • cvCreateImage.CXCORE099(?,?,?,?), ref: 00B93878
                                                                            • cvReleaseImage.CXCORE099 ref: 00B93895
                                                                            • ??3@YAXPAX@Z.MSVCR80(?), ref: 00B938A1
                                                                            • ??2@YAPAXI@Z.MSVCR80(00000004), ref: 00B938B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Image$??2@??3@CreateRelease
                                                                            • String ID:
                                                                            • API String ID: 387725118-0
                                                                            APIs
                                                                            • memset.MSVCR80 ref: 00422406
                                                                              • Part of subcall function 004232A0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004232B6
                                                                            • wcslen.MSVCR80 ref: 00422427
                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000000), ref: 00422448
                                                                            • SendMessageW.USER32(?,0000100F,?,00000000), ref: 00422460
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$memsetwcslen
                                                                            • String ID:
                                                                            • API String ID: 1629969563-0
                                                                            APIs
                                                                            • cvCreateMat.CXCORE099(00000004,00000004,00000005,00000000,00401253,?,?), ref: 00403347
                                                                            • cvCreateImage.CXCORE099(?,?,00000008,00000001,00401253,?,?), ref: 00403366
                                                                            • cvReleaseMat.CXCORE099(000000A4,00401253,?,?), ref: 0040337A
                                                                            • cvReleaseImage.CXCORE099(000000A0,00401253,?,?), ref: 00403388
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: CreateImageRelease
                                                                            • String ID:
                                                                            • API String ID: 3144300847-0
                                                                            APIs
                                                                            • AVIStreamGetFrameClose.AVIFIL32(?), ref: 00B91260
                                                                            • AVIStreamRelease.AVIFIL32(?), ref: 00B91270
                                                                            • AVIStreamRelease.AVIFIL32(?), ref: 00B91280
                                                                            • memset.MSVCR80 ref: 00B912AA
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Stream$Release$CloseFramememset
                                                                            • String ID:
                                                                            • API String ID: 1615332947-0
                                                                            APIs
                                                                            • EnterCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212D9
                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212E6
                                                                            • CreateThread.KERNEL32(00000000,00000000,00521280,?,00000000,00000000), ref: 00521303
                                                                            • LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00521311
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: CriticalSection$Leave$CreateEnterThread
                                                                            • String ID:
                                                                            • API String ID: 2283434278-0
                                                                            APIs
                                                                            • GetSystemMetrics.USER32(0000004E), ref: 0041E37B
                                                                            • GetSystemMetrics.USER32(0000004F), ref: 0041E386
                                                                            • GetSystemMetrics.USER32(0000004C), ref: 0041E391
                                                                            • GetSystemMetrics.USER32(0000004D), ref: 0041E3A2
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: MetricsSystem
                                                                            • String ID:
                                                                            • API String ID: 4116985748-0
                                                                            APIs
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488724,A7504B2B,0049A100,A7504B27,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?), ref: 00488737
                                                                            • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488724,A7504B2B,0049A100,A7504B27,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?,0049A100), ref: 00488742
                                                                            • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,?,?,00488724,A7504B2B,0049A100,A7504B27,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488759
                                                                            • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488724,A7504B2B,0049A100,A7504B27,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488766
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$??4?$basic_string@_?erase@?$basic_string@_V01@V01@@V12@
                                                                            • String ID:
                                                                            • API String ID: 3537912873-0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _setjmp3memset
                                                                            • String ID: $
                                                                            • API String ID: 847497011-3993045852
                                                                            • Opcode ID: 1a06700a312aa925aba508b1ab4504e69a8b554c5a861c46cf7b74cb6e60b044
                                                                            • Instruction ID: d96db83a22791587ae816de3f060dcbe1302dc0391860956656d7ad2f9fc3fa6
                                                                            • Opcode Fuzzy Hash: 1a06700a312aa925aba508b1ab4504e69a8b554c5a861c46cf7b74cb6e60b044
                                                                            • Instruction Fuzzy Hash: 6691B330A046048BDF349B78C8957BEB7E5EF92344F6448BED46AC7292DF789C448B52
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _setjmp3memset
                                                                            • String ID: VUUU
                                                                            • API String ID: 847497011-2040033107
                                                                            • Opcode ID: e4441fe17ac87a9348d9567e74d779725232fa11da2fc543bcc51072b1b441e1
                                                                            • Instruction ID: 4ac568a0fc4f79bf454a0b7258f45c9fc1bcf5c7a1faa685159ed21c9cd0dc19
                                                                            • Opcode Fuzzy Hash: e4441fe17ac87a9348d9567e74d779725232fa11da2fc543bcc51072b1b441e1
                                                                            • Instruction Fuzzy Hash: 8461C571A04B048BDF24DB78E9A5BAEB7E1EF95301F1484BDE46A87242DB306844CF51
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 4NC$4NC
                                                                            • API String ID: 0-1717309502
                                                                            • Opcode ID: 636313644eab2cc9ed53f4b1fb6c7fe5ccbcacf0ac8ecf14d2ef5cb6642a3b42
                                                                            • Instruction ID: edff85f3833ba22acf9ab8710c3cb5385f553245e4d39bd84e7972ae7c9abc0b
                                                                            • Opcode Fuzzy Hash: 636313644eab2cc9ed53f4b1fb6c7fe5ccbcacf0ac8ecf14d2ef5cb6642a3b42
                                                                            • Instruction Fuzzy Hash: 93616D70900508DFDB08EFA6D896BEEBBB5BF44318F10452EE5166B2D1DB782945CB88
                                                                            APIs
                                                                              • Part of subcall function 0050F800: _DebugHeapAllocator.LIBCPMTD ref: 0050F815
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 0050DCC9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeap
                                                                            • String ID: MCE-$_mAnnnYca@aM_
                                                                            • API String ID: 571936431-899104912
                                                                            • Opcode ID: f40b280ed1325e6bba48490bd75d2d284572e43d25bd79c82fdd87b9afc39f8c
                                                                            • Instruction ID: 1e720448ac6b5cb3d8f353a52fb492bd5fc10a5b1a629d097a1df7f28f5dd433
                                                                            • Opcode Fuzzy Hash: f40b280ed1325e6bba48490bd75d2d284572e43d25bd79c82fdd87b9afc39f8c
                                                                            • Instruction Fuzzy Hash: 03715A30905258CBEB24DB54CD64FADBBB6BF61304F1482D8D5096B2C2CB75AE84CF65
                                                                            APIs
                                                                              • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                              • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                            • OleCreatePropertyFrame.OLEAUT32(?,00000000,00000000,?,00000001,?,00000000,?,00000000,00000000,00000000), ref: 004B335F
                                                                            • CoTaskMemFree.OLE32(?,?,?,A7504B2B), ref: 004B337C
                                                                              • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                            Strings
                                                                            • CGraphMgr::ShowCameraProperties, xrefs: 004B31C1
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: clock$AllocatorCreateDebugFrameFreeHeapPropertyTask
                                                                            • String ID: CGraphMgr::ShowCameraProperties
                                                                            • API String ID: 2338886374-3071715877
                                                                            • Opcode ID: b892e083cea794b7bef9db6e71d19fafbfb14f69ee18f4ad05b9c8b3defac545
                                                                            • Instruction ID: 691d08390fa4834040d12ba73b1f3886b5f8bcf1a23ad6f21803c9f1b6b811bf
                                                                            • Opcode Fuzzy Hash: b892e083cea794b7bef9db6e71d19fafbfb14f69ee18f4ad05b9c8b3defac545
                                                                            • Instruction Fuzzy Hash: 7B611571904618DBDB14DF95CC95BEEB7B4BF48304F10419AE00AAB291DB786F84CFA4
                                                                            APIs
                                                                              • Part of subcall function 00BCC870: GlobalAlloc.KERNEL32(00000000,00000000,00BCFB2A,00BD084E,?,?,?,00BD084E,?,?,00000000,?), ref: 00BCC877
                                                                            • _ftol.MSVCR80 ref: 00BD3DE5
                                                                            Strings
                                                                            • No space to write RATIONAL array, xrefs: 00BD3D0B
                                                                            • "%s": Information lost writing value (%g) as (unsigned) RATIONAL, xrefs: 00BD3D7E
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocGlobal_ftol
                                                                            • String ID: "%s": Information lost writing value (%g) as (unsigned) RATIONAL$No space to write RATIONAL array
                                                                            • API String ID: 2648542381-1820873451
                                                                            • Opcode ID: e9ca2ca5aeb3f6fd3a82fd4fcfcbae64d1234d622eedaa8121b6d74ccbe85267
                                                                            • Instruction ID: 510cada84a4520f2c8592f5428e91826e917f43d66dfb16b07491a7dbdaa7f02
                                                                            • Opcode Fuzzy Hash: e9ca2ca5aeb3f6fd3a82fd4fcfcbae64d1234d622eedaa8121b6d74ccbe85267
                                                                            • Instruction Fuzzy Hash: 6D31D5719003019BC710EF58E945A5BFBE5FB84750F0049AAFC9897392E770DA45CBA2
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _setjmp3fopen
                                                                            • String ID: 1.2.8
                                                                            • API String ID: 3541577079-509886058
                                                                            • Opcode ID: adb9868799435315f0b00e3f04c826028b45790d1e71768f2576cac9f3d66289
                                                                            • Instruction ID: c1baca16db498710b24e39ce7469ebabd6686764df4fa5d66c8c72bc7c76c9ad
                                                                            • Opcode Fuzzy Hash: adb9868799435315f0b00e3f04c826028b45790d1e71768f2576cac9f3d66289
                                                                            • Instruction Fuzzy Hash: 4531A771A402045BDB14DFA98C82BFFF7F8EF89700F1444AEE959A7341D671A9018BE1
                                                                            APIs
                                                                            • CreateDirectoryW.KERNEL32(0050E57A,00000000,A7504B2B), ref: 0050DA14
                                                                            • wcscat.MSVCR80 ref: 0050DA27
                                                                              • Part of subcall function 00500B70: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(0050DAA4,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500B86
                                                                              • Part of subcall function 00500BF0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(?,?,0050DAB6,?,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500C04
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ?fail@ios_base@std@@$CreateDirectorywcscat
                                                                            • String ID: zP
                                                                            • API String ID: 2898546159-257844785
                                                                            • Opcode ID: 4f0b56061c965f2f2cf825f5a83e1c041622dd382fe08cce812f0975218b0ce2
                                                                            • Instruction ID: fef8abd74728a25b5cf643a3bcb35e4a0f4abb1658a775f4a695eedb0014710f
                                                                            • Opcode Fuzzy Hash: 4f0b56061c965f2f2cf825f5a83e1c041622dd382fe08cce812f0975218b0ce2
                                                                            • Instruction Fuzzy Hash: 7F414970A012189FDB24DB54CD56FAEBBB4BF84310F008299E2096B2D1DB70AE84CF51
                                                                            APIs
                                                                              • Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651
                                                                              • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                              • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                              • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                              • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                              • Part of subcall function 0041A3B0: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                              • Part of subcall function 0041DE10: ??_V@YAXPAX@Z.MSVCR80(0000001F,A7504B2B,?,?,?,0000001F,00000001,CameraDlg\btn_properties,00000000,?,000003EB), ref: 0041DE55
                                                                              • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                              • Part of subcall function 0041AA40: GetWindowLongW.USER32(?,A7504B2B), ref: 0041AA51
                                                                              • Part of subcall function 0041E880: SetWindowLongW.USER32(A7504B2B,00000001,A7504B2B), ref: 0041E895
                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,000000B2,00000002,000000EC,00000000,000000EC,0000000A,0000000A,0000002D,00000014,00000001,Apply the selection,button,00000000,A7504B2B), ref: 0041E1F1
                                                                              • Part of subcall function 0041E8B0: MoveWindow.USER32(?,?,00000000,?,00000000,00000001,-00000003,?,0041E25F,?,00000001,?,?), ref: 0041E8E7
                                                                              • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004E), ref: 0041E37B
                                                                              • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004F), ref: 0041E386
                                                                              • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004C), ref: 0041E391
                                                                              • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004D), ref: 0041E3A2
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$AllocatorDebugHeapMetricsSystem$LongMove$AttributesImage@@ItemLayeredLoad@
                                                                            • String ID: Apply the selection$button
                                                                            • API String ID: 70508497-2603280126
                                                                            • Opcode ID: 325f42cf690be37cc5bd74bc9656fe42c8c439b5651ae68e07e9d9de847688b4
                                                                            • Instruction ID: 04a5c8e6f4919bc5989b0440a3589c8b02fa676512b2dbfed97fa3f5bca5e94e
                                                                            • Opcode Fuzzy Hash: 325f42cf690be37cc5bd74bc9656fe42c8c439b5651ae68e07e9d9de847688b4
                                                                            • Instruction Fuzzy Hash: 6D310B70A40208ABDB08EBA5DD92FADB775AF44718F10011EF502A72D2DB797941CB59
                                                                            APIs
                                                                            • GetSystemMetrics.USER32(00000004), ref: 0041EEDD
                                                                              • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                              • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                              • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                              • Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
                                                                              • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                              • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                              • Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651
                                                                              • Part of subcall function 00408120: ??_V@YAXPAX@Z.MSVCR80(?,A7504B2B,?,?,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 0040815C
                                                                              • Part of subcall function 00408120: lstrlenW.KERNEL32(0040641C,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 00408172
                                                                              • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                            • MoveWindow.USER32(00000000,00000000,00000001,000000E7,0000005F,00000048,00000017,00000001,00000113,00000034,000000C6,00000017,00000001,http://www.manycam.com/codec,00000000,00000211), ref: 0041EF99
                                                                            Strings
                                                                            • http://www.manycam.com/codec, xrefs: 0041EF48
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: Window$MoveParentSystem$InfoItemLongMetricsParametersRectlstrlen
                                                                            • String ID: http://www.manycam.com/codec
                                                                            • API String ID: 3918154117-1165702928
                                                                            APIs
                                                                            • _invalid_parameter_noinfo.MSVCR80(00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000,00000000), ref: 004C4AD1
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000), ref: 004C4AEE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo
                                                                            • String ID: X?S
                                                                            • API String ID: 3215553584-928156776
                                                                            APIs
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6,000000FF), ref: 00490EA1
                                                                            • _invalid_parameter_noinfo.MSVCR80(00000003,?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6), ref: 00490EBE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo
                                                                            • String ID: _1I
                                                                            • API String ID: 3215553584-1375489561
                                                                            APIs
                                                                            • RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: QueryValue
                                                                            • String ID: zL$zL
                                                                            • API String ID: 3660427363-3006479296
                                                                            APIs
                                                                              • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                              • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                            • clock.MSVCR80 ref: 00453606
                                                                            • _DebugHeapAllocator.LIBCPMTD ref: 00453624
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocatorDebugHeapclockfflushfwprintf
                                                                            • String ID: Entering: %s
                                                                            • API String ID: 1338021872-1508582857
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _ftol
                                                                            • String ID: Limiting gamma to 21474.83$Setting gamma=0
                                                                            • API String ID: 2545261903-3311646275
                                                                            APIs
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE2EF
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,?,004AE1A3,CJ,00000000,?,004AE043,?,?,00000000,000000FF,004AD900,00000000,?,?,000000FF), ref: 004AE32B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo
                                                                            • String ID: CJ
                                                                            • API String ID: 3215553584-1577928124
                                                                            APIs
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E29EF
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E2A25
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo
                                                                            • String ID: CN
                                                                            • API String ID: 3215553584-3860229782
                                                                            APIs
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C2F
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C65
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo
                                                                            • String ID: C A
                                                                            • API String ID: 3215553584-432193327
                                                                            APIs
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CBF
                                                                            • _invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CF5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _invalid_parameter_noinfo
                                                                            • String ID: c7A
                                                                            • API String ID: 3215553584-604798297
                                                                            • Opcode ID: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                            • Instruction ID: 4f8a117557595d7ace3a85e6c39e7ac69620622392f626f59c62cc3483bdb0bb
                                                                            • Opcode Fuzzy Hash: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                            • Instruction Fuzzy Hash: 3511D335A00009EFCB14DF48C290C9DB7B6FF99305B258199E9069B315EB31AF86DB88
                                                                            APIs
                                                                            • GetCursorInfo.USER32(00000014), ref: 004228C4
                                                                            • ScreenToClient.USER32(?,?), ref: 004228D5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: ClientCursorInfoScreen
                                                                            • String ID: (B
                                                                            • API String ID: 1381309574-891251851
                                                                            • Opcode ID: 183b5d1f9ba3f3a11c0528ae00216a5e4976ffd3210267904aec7597f6dd3387
                                                                            • Instruction ID: 56ec9ec03ba55985748cef6039b39fbaea006a6cc74428b082933960e72c1f85
                                                                            • Opcode Fuzzy Hash: 183b5d1f9ba3f3a11c0528ae00216a5e4976ffd3210267904aec7597f6dd3387
                                                                            • Instruction Fuzzy Hash: 89F0ECB5A00209AFCB04DF98D985C9EBBB9FF88310F10C158FA49A7350D730EA45DB91
                                                                            APIs
                                                                              • Part of subcall function 00454C20: _time64.MSVCR80 ref: 00454C25
                                                                            • fwprintf.MSVCR80 ref: 004B78B3
                                                                            • fflush.MSVCR80 ref: 004B78C3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: _time64fflushfwprintf
                                                                            • String ID: | %x %X |
                                                                            • API String ID: 804399740-1669508960
                                                                            • Opcode ID: a995debcebdf332dee2d0cd15bea4d7e243787ad81cf3f31d987c7b7fad9b84e
                                                                            • Instruction ID: 998b554e6e78045c2d5deda0b84162204a47a87edbaee598bb3a96ab0b245df9
                                                                            • Opcode Fuzzy Hash: a995debcebdf332dee2d0cd15bea4d7e243787ad81cf3f31d987c7b7fad9b84e
                                                                            • Instruction Fuzzy Hash: 4BF05471C01108ABDF04FB95DD868AEB738FF54309B5045A9E91667242DB34AA1CCBE5
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2233455214.0000000000B91000.00000020.00000001.01000000.00000009.sdmp, Offset: 00B90000, based on PE: true
                                                                            • Associated: 00000003.00000002.2233430106.0000000000B90000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233503760.0000000000BDD000.00000002.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233530619.0000000000BE6000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233560525.0000000000BE7000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233581036.0000000000BEA000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233606577.0000000000BEB000.00000008.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233634751.0000000000BEC000.00000004.00000001.01000000.00000009.sdmp
                                                                            • Associated: 00000003.00000002.2233660618.0000000000BEE000.00000002.00000001.01000000.00000009.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_b90000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: exitfprintf
                                                                            • String ID: %s
                                                                            • API String ID: 4243785698-620797490
                                                                            • Opcode ID: fd9c6deb79413dfe1ad62202f921903fad40581ddfb75f7c5f3d252542e5ceab
                                                                            • Instruction ID: 4747bd8bf3161ecfdfd19d01b1040ceb503386d2748ece7f77148f724db0457d
                                                                            • Opcode Fuzzy Hash: fd9c6deb79413dfe1ad62202f921903fad40581ddfb75f7c5f3d252542e5ceab
                                                                            • Instruction Fuzzy Hash: 8EF0A735401211AFD300EF64DC48E9AB7F8EF89301F008459F485A3261EB75D805CB56
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: memmove_s
                                                                            • String ID: nAA$nAA
                                                                            • API String ID: 1646303785-1657967095
                                                                            • Opcode ID: 48a814f637bbc169a426d2c1a272fa5cac1a1cc5ee3381e8494429463483b6d0
                                                                            • Instruction ID: 831bdc283bfef77eb9b1cad694d4ede0d3f081278f3ad19dba345cc0dbbac6ca
                                                                            • Opcode Fuzzy Hash: 48a814f637bbc169a426d2c1a272fa5cac1a1cc5ee3381e8494429463483b6d0
                                                                            • Instruction Fuzzy Hash: 0CF0D47090010DEFCB14DF9CC885D9EBBB8FB88344F10829DE919A7300E630EAA5CB90
                                                                            APIs
                                                                            • GetProcessHeap.KERNEL32(00000000,0000000D,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000), ref: 0052318D
                                                                            • HeapAlloc.KERNEL32(00000000,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000,00000000), ref: 00523194
                                                                              • Part of subcall function 0052309D: IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0
                                                                            • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231B6
                                                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231E3
                                                                            Memory Dump Source
                                                                            • Source File: 00000003.00000002.2232911074.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000003.00000002.2232874599.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233202132.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233270027.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233294466.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233317988.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000003.00000002.2233343518.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_3_2_400000_ManyCam.jbxd
                                                                            Similarity
                                                                            • API ID: AllocHeapVirtual$FeatureFreePresentProcessProcessor
                                                                            • String ID:
                                                                            • API String ID: 4058086966-0
                                                                            • Opcode ID: 0c4867eb5bd92bb6381ce8f4e327ffa02bccf704549b714ad9cee9f0e79b5bb8
                                                                            • Instruction ID: b5a60a9bbef02a3c563d751fc20c4e74480abeb514ab3cab8f797184bd5a284a
                                                                            • Opcode Fuzzy Hash: 0c4867eb5bd92bb6381ce8f4e327ffa02bccf704549b714ad9cee9f0e79b5bb8
                                                                            • Instruction Fuzzy Hash: 3711D631240231AFEB21176CFC0AB663E65BF67741F100820FA11D62E0D738CD08EAA0