Windows Analysis Report
62f928.msi

Overview

General Information

Sample name: 62f928.msi
Analysis ID: 1579315
MD5: a2a7ff35bd33480418bd39e0832d0875
SHA1: 8cd2ec2310b1240ffa9944631c409e658cea03a7
SHA256: 46004e5408d63486737753e360a3c9ef74246163497c920d1ac7aa504c488e54
Tags: msi, Remcos, user-smica83

Detection

Remcos
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Remcos RAT
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found API chain indicative of debugger detection
Found direct / indirect Syscall (likely to bypass EDR)
Found hidden mapped module (file has been removed from disk)
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Writes to foreign memory regions
Checks for available system drives (often done to infect USB drives)
Checks if the current process is being debugged
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Launches processes in debugging mode, may be used to hinder debugging
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Keylogger Generic
Yara signature match

Classification

  • System is w10x64
  • msiexec.exe (PID: 4876 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\62f928.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 6736 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • ManyCam.exe (PID: 2760 cmdline: "C:\Users\user\AppData\Local\Regma\ManyCam.exe" MD5: BA699791249C311883BAA8CE3432703B)
      • pcaui.exe (PID: 1132 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Regma\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)
      • ManyCam.exe (PID: 4136 cmdline: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe MD5: BA699791249C311883BAA8CE3432703B)
        • pcaui.exe (PID: 1836 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)
        • cmd.exe (PID: 1460 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 5140 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • Demowordpad.exe (PID: 2960 cmdline: C:\Users\user\AppData\Local\Temp\Demowordpad.exe MD5: FEA067901F48A5F1FAF7CA3B373F1A8F)
  • ManyCam.exe (PID: 5892 cmdline: "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe" MD5: BA699791249C311883BAA8CE3432703B)
    • pcaui.exe (PID: 6904 cmdline: "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe" MD5: 0BA34D8D0BD01CB98F912114ACC7CF19)
    • cmd.exe (PID: 6472 cmdline: C:\Windows\SysWOW64\cmd.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5004 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • Demowordpad.exe (PID: 5372 cmdline: C:\Users\user\AppData\Local\Temp\Demowordpad.exe MD5: FEA067901F48A5F1FAF7CA3B373F1A8F)
  • cleanup
Name: Remcos, RemcosRAT
Description: Remcos (acronym of Remote Control & Surveillance Software) is a commercial Remote Access Tool to remotely control computers. Remcos is advertised as legitimate software which can be used for surveillance and penetration testing purposes, but has been used in numerous hacking campaigns. Remcos, once installed, opens a backdoor on the computer, granting full access to the remote user. Remcos is developed by the cybersecurity company BreakingSecurity.
Attribution:
  • APT33
  • The Gorgon Group
  • UAC-0050
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos
{"Host:Port:Password": ["adminitpal.com:8080:1", "adminitpal.com:443:1"], "Assigned name": "Teddy", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Enable", "Hide file": "Disable", "Mutex": "tRvr-YKFHJK", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Enable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "notepad;chrome;edge;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Putty", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "5", "Copy folder": "Remcos", "Keylog folder": "putty"}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\krdqojnmbomp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
C:\Users\user\AppData\Local\Temp\krdqojnmbomp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
C:\Users\user\AppData\Local\Temp\krdqojnmbomp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
C:\Users\user\AppData\Local\Temp\krdqojnmbomp | Windows_Trojan_Remcos_b296e965 | unknown | unknown
        • 0x6aaf8:$a1: Remcos restarted by watchdog!
        • 0x6b070:$a3: %02i:%02i:%02i:%03i
C:\Users\user\AppData\Local\Temp\krdqojnmbomp | REMCOS_RAT_variants | unknown | unknown
        • 0x64d94:$str_a1: C:\Windows\System32\cmd.exe
        • 0x64d10:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
        • 0x64d10:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
        • 0x65210:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
        • 0x65810:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
        • 0x64e04:$str_b2: Executing file:
        • 0x65c3c:$str_b3: GetDirectListeningPort
        • 0x65600:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
        • 0x65780:$str_b7: \update.vbs
        • 0x64e2c:$str_b9: Downloaded file:
        • 0x64e18:$str_b10: Downloading file:
        • 0x64ebc:$str_b12: Failed to upload file:
        • 0x65c04:$str_b13: StartForward
        • 0x65c24:$str_b14: StopForward
        • 0x656d8:$str_b15: fso.DeleteFile "
        • 0x6566c:$str_b16: On Error Resume Next
        • 0x65708:$str_b17: fso.DeleteFolder "
        • 0x64eac:$str_b18: Uploaded file:
        • 0x64e6c:$str_b19: Unable to delete:
        • 0x656a0:$str_b20: while fso.FileExists("
        • 0x65349:$str_c0: [Firefox StoredLogins not found]
Source | Rule | Description | Author | Strings
00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp | Windows_Trojan_Remcos_b296e965 | unknown | unknown
              • 0x146f8:$a1: Remcos restarted by watchdog!
              • 0x14c70:$a3: %02i:%02i:%02i:%03i
0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
Source | Rule | Description | Author | Strings
28.2.cmd.exe.59500c8.7.raw.unpack | JoeSecurity_Keylogger_Generic | Yara detected Keylogger Generic | Joe Security
28.2.cmd.exe.59500c8.7.raw.unpack | JoeSecurity_Remcos | Yara detected Remcos RAT | Joe Security
28.2.cmd.exe.59500c8.7.raw.unpack | JoeSecurity_UACBypassusingCMSTP | Yara detected UAC Bypass using CMSTP | Joe Security
28.2.cmd.exe.59500c8.7.raw.unpack | Windows_Trojan_Remcos_b296e965 | unknown | unknown
                      • 0x6aaf8:$a1: Remcos restarted by watchdog!
                      • 0x6b070:$a3: %02i:%02i:%02i:%03i
28.2.cmd.exe.59500c8.7.raw.unpack | REMCOS_RAT_variants | unknown | unknown
                      • 0x64d94:$str_a1: C:\Windows\System32\cmd.exe
                      • 0x64d10:$str_a3: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                      • 0x64d10:$str_a4: /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWOR
                      • 0x65210:$str_a5: \AppData\Local\Google\Chrome\User Data\Default\Login Data
                      • 0x65810:$str_b1: CreateObject("Scripting.FileSystemObject").DeleteFile(Wscript.ScriptFullName)
                      • 0x64e04:$str_b2: Executing file:
                      • 0x65c3c:$str_b3: GetDirectListeningPort
                      • 0x65600:$str_b4: Set fso = CreateObject("Scripting.FileSystemObject")
                      • 0x65780:$str_b7: \update.vbs
                      • 0x64e2c:$str_b9: Downloaded file:
                      • 0x64e18:$str_b10: Downloading file:
                      • 0x64ebc:$str_b12: Failed to upload file:
                      • 0x65c04:$str_b13: StartForward
                      • 0x65c24:$str_b14: StopForward
                      • 0x656d8:$str_b15: fso.DeleteFile "
                      • 0x6566c:$str_b16: On Error Resume Next
                      • 0x65708:$str_b17: fso.DeleteFolder "
                      • 0x64eac:$str_b18: Uploaded file:
                      • 0x64e6c:$str_b19: Unable to delete:
                      • 0x656a0:$str_b20: while fso.FileExists("
                      • 0x65349:$str_c0: [Firefox StoredLogins not found]
                      No Sigma rule has matched
                      No Suricata rule has matched


                      AV Detection

                      Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, Avira: detection malicious, Label: BDS/Backdoor.Gen
                      Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, Avira: detection malicious, Label: BDS/Backdoor.Gen
                      Source: 28.2.cmd.exe.59500c8.7.raw.unpackMalware Configuration Extractor: Remcos {"Host:Port:Password": ["adminitpal.com:8080:1", "adminitpal.com:443:1"], "Assigned name": "Teddy", "Connect interval": "1", "Install flag": "Disable", "Setup HKCU\\Run": "Enable", "Setup HKLM\\Run": "Enable", "Install path": "Application path", "Copy file": "remcos.exe", "Startup value": "Enable", "Hide file": "Disable", "Mutex": "tRvr-YKFHJK", "Keylog flag": "1", "Keylog path": "Application path", "Keylog file": "logs.dat", "Keylog crypt": "Disable", "Hide keylog file": "Disable", "Screenshot flag": "Enable", "Screenshot time": "1", "Take Screenshot option": "Disable", "Take screenshot title": "notepad;chrome;edge;", "Take screenshot time": "5", "Screenshot path": "AppData", "Screenshot file": "Putty", "Screenshot crypt": "Disable", "Mouse option": "Disable", "Delete file": "Disable", "Audio record time": "5", "Audio folder": "MicRecords", "Connect delay": "5", "Copy folder": "Remcos", "Keylog folder": "putty"}
                      Source: 62f928.msi, Virustotal: Detection: 16%
                      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, Joe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, Joe Sandbox ML: detected
                      Source: cmd.exe, 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: -----BEGIN PUBLIC KEY----- memstr_e4c92b46-e

                      Exploits

                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
                      Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb0 source: ManyCam.exe, 00000004.00000002.2385618467.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 0000000F.00000002.2647092406.0000000010062000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 0000001A.00000002.3214938143.0000000010062000.00000002.00000001.01000000.0000000D.sdmp, cximagecrt.dll.3.dr
                      Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb source: ManyCam.exe, 00000004.00000002.2385618467.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 0000000F.00000002.2647092406.0000000010062000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 0000001A.00000002.3214938143.0000000010062000.00000002.00000001.01000000.0000000D.sdmp, cximagecrt.dll.3.dr
                      Source: Binary string: tracefmt.pdb source: ManyCam.exe, 00000004.00000002.2383862619.0000000009B47000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645623231.0000000009B06000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928233026.0000000004F04000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928298393.0000000002F48000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000000.2843853626.00000000000E1000.00000020.00000001.01000000.00000016.sdmp, Demowordpad.exe, 00000019.00000002.2927208005.00000000000E1000.00000020.00000001.01000000.00000016.sdmp, ManyCam.exe, 0000001A.00000002.3213715800.0000000009BF6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000021.00000002.3385818366.00000000000E1000.00000020.00000001.01000000.00000016.sdmp
                      Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8` source: ManyCam.exe, 0000000F.00000002.2640900189.000000000185D000.00000002.00000001.01000000.00000012.sdmp, ManyCam.exe, 0000001A.00000002.3209857150.0000000000D8D000.00000002.00000001.01000000.00000012.sdmp, highgui099.dll.3.dr
                      Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdb source: ManyCam.exe, 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 0000000F.00000002.2640115558.00000000011D1000.00000002.00000001.01000000.0000000E.sdmp, ManyCam.exe, 0000001A.00000002.3209116933.0000000000BC1000.00000002.00000001.01000000.0000000E.sdmp
                      Source: Binary string: \tracef@mt.pdbv source: ManyCam.exe, 00000004.00000002.2382949102.0000000009843000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645530055.000000000997E000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3213620478.0000000009A71000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: ManyCam.exe, 00000004.00000002.2384692934.000000000A000000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.2384125666.0000000009CAB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645938626.0000000009C6B000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2646367318.0000000009FC0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2646569631.000000000A37D000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928027730.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928401666.0000000005060000.00000004.00001000.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928454078.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928110123.0000000002B9E000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3214442930.000000000A46E000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3214231631.000000000A0B0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3213896105.0000000009D58000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3387399217.00000000054A0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3386847725.0000000004FA8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: ManyCam.exe, 00000004.00000002.2384692934.000000000A000000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.2384125666.0000000009CAB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645938626.0000000009C6B000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2646367318.0000000009FC0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2646569631.000000000A37D000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928027730.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928401666.0000000005060000.00000004.00001000.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928454078.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928110123.0000000002B9E000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3214442930.000000000A46E000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3214231631.000000000A0B0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3213896105.0000000009D58000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3387399217.00000000054A0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3386847725.0000000004FA8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: .pdbload <modname> - you must specify a module to load source: ManyCam.exe, 00000004.00000002.2383862619.0000000009B47000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645623231.0000000009B06000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928233026.0000000004F04000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928298393.0000000002F48000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000000.2843853626.00000000000E1000.00000020.00000001.01000000.00000016.sdmp, Demowordpad.exe, 00000019.00000002.2927208005.00000000000E1000.00000020.00000001.01000000.00000016.sdmp, ManyCam.exe, 0000001A.00000002.3213715800.0000000009BF6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000021.00000002.3385818366.00000000000E1000.00000020.00000001.01000000.00000016.sdmp
                      Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8`} source: ManyCam.exe, 00000004.00000002.2378044776.00000000017CD000.00000002.00000001.01000000.00000008.sdmp
                      Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb source: ManyCam.exe, 00000004.00000002.2378044776.00000000017CD000.00000002.00000001.01000000.00000008.sdmp, ManyCam.exe, 0000000F.00000002.2640900189.000000000185D000.00000002.00000001.01000000.00000012.sdmp, ManyCam.exe, 0000001A.00000002.3209857150.0000000000D8D000.00000002.00000001.01000000.00000012.sdmp, highgui099.dll.3.dr
                      Source: Binary string: c:\Program Files\OpenCV\bin\cv099.pdb source: ManyCam.exe, 00000004.00000003.2373737632.0000000000C11000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.2378309489.000000000187F000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 0000000F.00000002.2640529435.00000000012AF000.00000002.00000001.01000000.00000011.sdmp, ManyCam.exe, 0000001A.00000002.3209564446.0000000000D1F000.00000002.00000001.01000000.00000011.sdmp, cv099.dll.4.dr
                      Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdbu source: ManyCam.exe, 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 0000000F.00000002.2640115558.00000000011D1000.00000002.00000001.01000000.0000000E.sdmp, ManyCam.exe, 0000001A.00000002.3209116933.0000000000BC1000.00000002.00000001.01000000.0000000E.sdmp
                      Source: Binary string: d:\branch_2.5\bin\ManyCam.pdb source: ManyCam.exe, 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000003.2375015382.0000000000C11000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000000.2151979907.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 0000000F.00000000.2376267252.000000000053B000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000000F.00000002.2639043702.000000000053B000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000001A.00000000.2946855490.000000000053B000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000001A.00000002.3208311962.000000000053B000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe.3.dr
                      Source: Binary string: d:\branch_2.5\Bin\CrashRpt.pdb source: ManyCam.exe, 00000004.00000002.2378693094.0000000002012000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 0000000F.00000002.2641911704.0000000002012000.00000002.00000001.01000000.0000000F.sdmp, ManyCam.exe, 0000001A.00000002.3210844805.0000000002012000.00000002.00000001.01000000.0000000F.sdmp
                      Source: Binary string: dbghelp.pdb source: ManyCam.exe, 00000004.00000002.2386054055.000000006D511000.00000020.00000001.01000000.00000006.sdmp, ManyCam.exe, 0000000F.00000002.2647197974.000000006D511000.00000020.00000001.01000000.00000010.sdmp, ManyCam.exe, 0000001A.00000002.3215308587.000000006D511000.00000020.00000001.01000000.00000010.sdmp
                      Source: C:\Windows\System32\msiexec.exe File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, a:
                      Source: C:\Windows\SysWOW64\cmd.exe File opened: c:
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeCode function: 4_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,4_2_004164A0
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeCode function: 15_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,15_2_004164A0
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior

                      Networking

                      Source: Malware configuration extractor URLs: adminitpal.com
                      Source: Yara match File source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: cmd.exe PID: 1460, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Demowordpad.exe PID: 2960, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: cmd.exe PID: 6472, type: MEMORYSTR
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPED
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPED

                      E-Banking Fraud

                      Source: Yara match File source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: cmd.exe PID: 1460, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Demowordpad.exe PID: 2960, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: cmd.exe PID: 6472, type: MEMORYSTR
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPED
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPED

                      System Summary

                      Source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 15.2.ManyCam.exe.9b525ce.8.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 25.2.Demowordpad.exe.2f4ea8a.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 28.2.cmd.exe.5352a8a.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 26.2.ManyCam.exe.9c419ce.10.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 19.2.cmd.exe.4f0aa8a.3.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 19.2.cmd.exe.4f50757.2.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 25.2.Demowordpad.exe.2f93b57.6.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 28.2.cmd.exe.5398757.5.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 26.2.ManyCam.exe.9c425ce.9.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 4.2.ManyCam.exe.9b929ce.9.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 25.2.Demowordpad.exe.2f94757.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 15.2.ManyCam.exe.9b0c901.9.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 4.2.ManyCam.exe.9b4d901.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 28.2.cmd.exe.5397b57.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 15.2.ManyCam.exe.9b519ce.10.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 19.2.cmd.exe.4f4fb57.4.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 26.2.ManyCam.exe.9bfc901.8.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 4.2.ManyCam.exe.9b935ce.10.raw.unpack, type: UNPACKEDPE Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: Process Memory Space: cmd.exe PID: 1460, type: MEMORYSTR Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: Process Memory Space: Demowordpad.exe PID: 2960, type: MEMORYSTR Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: Process Memory Space: cmd.exe PID: 6472, type: MEMORYSTR Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPED Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPED Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPED Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPED Matched rule: Windows_Trojan_Remcos_b296e965 Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPED Matched rule: REMCOS_RAT_variants Author: unknown
                      Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPED Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6e2515.msi
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{9C7064B9-89ED-41DD-86B6-540DFCC59041}
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI265D.tmp
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6e2517.msi
                      Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6e2517.msi
                      Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\6e2517.msi
                      Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Regma\CrashRpt.dll C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: String function: 00416740 appears 60 times
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: String function: 004B77A0 appears 100 times
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: String function: 016D6DF0 appears 304 times
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: String function: 004B76D0 appears 36 times
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: String function: 0047BCF0 appears 141 times
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Code function: String function: 00416740 appears 60 times
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Code function: String function: 004B77A0 appears 101 times
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Code function: String function: 01166DF0 appears 280 times
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Code function: String function: 004B76D0 appears 36 times
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Code function: String function: 0047BCF0 appears 141 times
                      Source: CrashRpt.dll.3.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                      Source: CrashRpt.dll.4.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
                      Source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 15.2.ManyCam.exe.9b525ce.8.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 25.2.Demowordpad.exe.2f4ea8a.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 28.2.cmd.exe.5352a8a.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 26.2.ManyCam.exe.9c419ce.10.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 19.2.cmd.exe.4f0aa8a.3.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 19.2.cmd.exe.4f50757.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 25.2.Demowordpad.exe.2f93b57.6.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 28.2.cmd.exe.5398757.5.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 26.2.ManyCam.exe.9c425ce.9.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 4.2.ManyCam.exe.9b929ce.9.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 25.2.Demowordpad.exe.2f94757.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 15.2.ManyCam.exe.9b0c901.9.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 4.2.ManyCam.exe.9b4d901.7.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 28.2.cmd.exe.5397b57.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPE Matched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian's recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPEMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 15.2.ManyCam.exe.9b519ce.10.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 19.2.cmd.exe.4f4fb57.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 26.2.ManyCam.exe.9bfc901.8.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 4.2.ManyCam.exe.9b935ce.10.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: Process Memory Space: cmd.exe PID: 1460, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: Process Memory Space: Demowordpad.exe PID: 2960, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: Process Memory Space: cmd.exe PID: 6472, type: MEMORYSTRMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPEDMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPEDMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPEDMatched rule: Windows_Trojan_Remcos_b296e965 reference_sample = 0ebeffa44bd1c3603e30688ace84ea638fbcf485ca55ddcfd6fbe90609d4f3ed, os = windows, severity = x86, creation_date = 2021-06-10, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Remcos, fingerprint = a5267bc2dee28a3ef58beeb7e4a151699e3e561c16ce0ab9eb27de33c122664d, id = b296e965-a99e-4446-b969-ba233a2a8af4, last_modified = 2021-08-23
                      Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPEDMatched rule: REMCOS_RAT_variants Description = Detects multiple variants of REMCOS seen in the wild. Created by modifying and combining several of Florian\'s recent REMCOS ruleset. This rule aims for broader detection than the original ruleset, which used separate rules for each variant. If you do decide to break it into individual rules, the YARA strings variable names are grouped by the REMCOS variant type., Website = https://www.deadbits.org, Date = 2019-07-18, Repo = https://github.com/deadbits/yara-rules, Author = Adam M. Swanda
                      Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPEDMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                      Source: classification engine, Classification label: mal100.troj.expl.evad.winMSI@23/43@0/0
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Code function: 4_2_004B7920 GetLastError,FormatMessageW,GlobalFree,4_2_004B7920
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Code function: 4_2_004B2100 CoCreateInstance,4_2_004B2100
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Code function: 4_2_00488A00 FindResourceW,GetLastError,SizeofResource,GetLastError,GetLastError,4_2_00488A00
                      Source: C:\Windows\System32\msiexec.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\CML26CA.tmp
                      Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5140:120:WilError_03
                      Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\TEMP\~DF922745D2A5985678.TMP
                      Source: C:\Windows\SysWOW64\cmd.exe, File read: C:\Users\desktop.ini
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: 62f928.msi, Static file information: TRID: Microsoft Windows Installer (60509/1) 88.31%
                      Source: 62f928.msi, Virustotal: Detection: 16%
                      Source: unknown, Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\62f928.msi"
                      Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                      Source: C:\Windows\System32\msiexec.exe, Process created: C:\Users\user\AppData\Local\Regma\ManyCam.exe "C:\Users\user\AppData\Local\Regma\ManyCam.exe"
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Regma\ManyCam.exe"
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Process created: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe"
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\user\AppData\Local\Temp\Demowordpad.exe C:\Users\user\AppData\Local\Temp\Demowordpad.exe
                      Source: unknown, Process created: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe"
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Process created: C:\Windows\System32\pcaui.exe "C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe"
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Users\user\AppData\Local\Temp\Demowordpad.exe C:\Users\user\AppData\Local\Temp\Demowordpad.exe
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: apphelp.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: aclayers.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc_os.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: msi.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: srpapi.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: tsappcmp.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: uxtheme.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: textinputframework.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: coreuicomponents.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: coremessaging.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: ntmarta.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: coremessaging.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: wintypes.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: wintypes.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: wintypes.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: windows.storage.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: wldp.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: propsys.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: textshaping.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: netapi32.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: wkscli.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: netutils.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: version.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: mscoree.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: profapi.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: sspicli.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: msihnd.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: pcacli.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: mpr.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: apphelp.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: aclayers.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc_os.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: msi.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: tsappcmp.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: userenv.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: profapi.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: sspicli.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: netapi32.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: wkscli.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: netutils.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: srclient.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: spp.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: powrprof.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: vssapi.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: vsstrace.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: umpdc.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: wldp.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: mscoree.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: version.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: rstrtmgr.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: ncrypt.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: ntasn1.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: windows.storage.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: pcacli.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: mpr.dll
                      Source: C:\Windows\System32\msiexec.exe, Section loaded: cabinet.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: version.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: cximagecrt.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: winmm.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: cxcore099.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: cv099.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: highgui099.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: wininet.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: crashrpt.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: opengl32.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: glu32.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: dbghelp.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: glu32.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: avifil32.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: avicap32.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: msvfw32.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: msacm32.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: winmmbase.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: winmmbase.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: pla.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: pdh.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: tdh.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: cabinet.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: wevtapi.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: shdocvw.dll
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe, Section loaded: ntmarta.dll
                      Source: C:\Windows\System32\pcaui.exe, Section loaded: apphelp.dll
                      Source: C:\Windows\System32\pcaui.exe, Section loaded: pcaui.dll
                      Source: C:\Windows\System32\pcaui.exe, Section loaded: dui70.dll
                      Source: C:\Windows\System32\pcaui.exe, Section loaded: wer.dll
                      Source: C:\Windows\System32\pcaui.exe, Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: cximagecrt.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: winmm.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: cxcore099.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: cv099.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: highgui099.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: wininet.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: crashrpt.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: opengl32.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: glu32.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: dbghelp.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: glu32.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: avifil32.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: avicap32.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: msvfw32.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: msvfw32.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: msacm32.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: msvfw32.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: winmmbase.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: winmmbase.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: pla.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: pdh.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: tdh.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: cabinet.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: wevtapi.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: shdocvw.dll
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe, Section loaded: winhttp.dll
                      Source: C:\Windows\System32\pcaui.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\System32\pcaui.exeSection loaded: pcaui.dllJump to behavior
                      Source: C:\Windows\System32\pcaui.exeSection loaded: dui70.dllJump to behavior
                      Source: C:\Windows\System32\pcaui.exeSection loaded: wer.dllJump to behavior
                      Source: C:\Windows\System32\pcaui.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: winbrand.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: linkinfo.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: bitsproxy.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exeSection loaded: shdocvw.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: cximagecrt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: cxcore099.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: cv099.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: highgui099.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: crashrpt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeSection loaded: opengl32.dllJump to behavior
                      Source: wwaxt.19.drLNK file: ..\..\Roaming\SyncvalidKil3\ManyCam.exe
                      Source: 62f928.msiStatic file information: File size 2957312 > 1048576
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
                      Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb0 source: ManyCam.exe, 00000004.00000002.2385618467.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 0000000F.00000002.2647092406.0000000010062000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 0000001A.00000002.3214938143.0000000010062000.00000002.00000001.01000000.0000000D.sdmp, cximagecrt.dll.3.dr
                      Source: Binary string: d:\branch_2.5\bin\cximagecrt.pdb source: ManyCam.exe, 00000004.00000002.2385618467.0000000010062000.00000002.00000001.01000000.00000004.sdmp, ManyCam.exe, 0000000F.00000002.2647092406.0000000010062000.00000002.00000001.01000000.0000000D.sdmp, ManyCam.exe, 0000001A.00000002.3214938143.0000000010062000.00000002.00000001.01000000.0000000D.sdmp, cximagecrt.dll.3.dr
                      Source: Binary string: tracefmt.pdb source: ManyCam.exe, 00000004.00000002.2383862619.0000000009B47000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645623231.0000000009B06000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928233026.0000000004F04000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928298393.0000000002F48000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000000.2843853626.00000000000E1000.00000020.00000001.01000000.00000016.sdmp, Demowordpad.exe, 00000019.00000002.2927208005.00000000000E1000.00000020.00000001.01000000.00000016.sdmp, ManyCam.exe, 0000001A.00000002.3213715800.0000000009BF6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000021.00000002.3385818366.00000000000E1000.00000020.00000001.01000000.00000016.sdmp
                      Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8` source: ManyCam.exe, 0000000F.00000002.2640900189.000000000185D000.00000002.00000001.01000000.00000012.sdmp, ManyCam.exe, 0000001A.00000002.3209857150.0000000000D8D000.00000002.00000001.01000000.00000012.sdmp, highgui099.dll.3.dr
                      Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdb source: ManyCam.exe, 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 0000000F.00000002.2640115558.00000000011D1000.00000002.00000001.01000000.0000000E.sdmp, ManyCam.exe, 0000001A.00000002.3209116933.0000000000BC1000.00000002.00000001.01000000.0000000E.sdmp
                      Source: Binary string: \tracef@mt.pdbv source: ManyCam.exe, 00000004.00000002.2382949102.0000000009843000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645530055.000000000997E000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3213620478.0000000009A71000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdbUGP source: ManyCam.exe, 00000004.00000002.2384692934.000000000A000000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.2384125666.0000000009CAB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645938626.0000000009C6B000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2646367318.0000000009FC0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2646569631.000000000A37D000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928027730.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928401666.0000000005060000.00000004.00001000.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928454078.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928110123.0000000002B9E000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3214442930.000000000A46E000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3214231631.000000000A0B0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3213896105.0000000009D58000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3387399217.00000000054A0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3386847725.0000000004FA8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: ManyCam.exe, 00000004.00000002.2384692934.000000000A000000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.2384125666.0000000009CAB000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645938626.0000000009C6B000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2646367318.0000000009FC0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2646569631.000000000A37D000.00000004.00000001.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928027730.0000000004B51000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928401666.0000000005060000.00000004.00001000.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928454078.00000000030A0000.00000004.00001000.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928110123.0000000002B9E000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3214442930.000000000A46E000.00000004.00000001.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3214231631.000000000A0B0000.00000004.00000800.00020000.00000000.sdmp, ManyCam.exe, 0000001A.00000002.3213896105.0000000009D58000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3387399217.00000000054A0000.00000004.00001000.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3386847725.0000000004FA8000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: .pdbload <modname> - you must specify a module to load source: ManyCam.exe, 00000004.00000002.2383862619.0000000009B47000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 0000000F.00000002.2645623231.0000000009B06000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000013.00000002.2928233026.0000000004F04000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000002.2928298393.0000000002F48000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000019.00000000.2843853626.00000000000E1000.00000020.00000001.01000000.00000016.sdmp, Demowordpad.exe, 00000019.00000002.2927208005.00000000000E1000.00000020.00000001.01000000.00000016.sdmp, ManyCam.exe, 0000001A.00000002.3213715800.0000000009BF6000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmp, Demowordpad.exe, 00000021.00000002.3385818366.00000000000E1000.00000020.00000001.01000000.00000016.sdmp
                      Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb8`} source: ManyCam.exe, 00000004.00000002.2378044776.00000000017CD000.00000002.00000001.01000000.00000008.sdmp
                      Source: Binary string: c:\Program Files\OpenCV\bin\highgui099.pdb source: ManyCam.exe, 00000004.00000002.2378044776.00000000017CD000.00000002.00000001.01000000.00000008.sdmp, ManyCam.exe, 0000000F.00000002.2640900189.000000000185D000.00000002.00000001.01000000.00000012.sdmp, ManyCam.exe, 0000001A.00000002.3209857150.0000000000D8D000.00000002.00000001.01000000.00000012.sdmp, highgui099.dll.3.dr
                      Source: Binary string: c:\Program Files\OpenCV\bin\cv099.pdb source: ManyCam.exe, 00000004.00000003.2373737632.0000000000C11000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000002.2378309489.000000000187F000.00000002.00000001.01000000.00000009.sdmp, ManyCam.exe, 0000000F.00000002.2640529435.00000000012AF000.00000002.00000001.01000000.00000011.sdmp, ManyCam.exe, 0000001A.00000002.3209564446.0000000000D1F000.00000002.00000001.01000000.00000011.sdmp, cv099.dll.4.dr
                      Source: Binary string: c:\Program Files\OpenCV\bin\cxcore099.pdbu source: ManyCam.exe, 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp, ManyCam.exe, 0000000F.00000002.2640115558.00000000011D1000.00000002.00000001.01000000.0000000E.sdmp, ManyCam.exe, 0000001A.00000002.3209116933.0000000000BC1000.00000002.00000001.01000000.0000000E.sdmp
                      Source: Binary string: d:\branch_2.5\bin\ManyCam.pdb source: ManyCam.exe, 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 00000004.00000003.2375015382.0000000000C11000.00000004.00000020.00020000.00000000.sdmp, ManyCam.exe, 00000004.00000000.2151979907.000000000053B000.00000002.00000001.01000000.00000003.sdmp, ManyCam.exe, 0000000F.00000000.2376267252.000000000053B000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000000F.00000002.2639043702.000000000053B000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000001A.00000000.2946855490.000000000053B000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe, 0000001A.00000002.3208311962.000000000053B000.00000002.00000001.01000000.0000000C.sdmp, ManyCam.exe.3.dr
                      Source: Binary string: d:\branch_2.5\Bin\CrashRpt.pdb source: ManyCam.exe, 00000004.00000002.2378693094.0000000002012000.00000002.00000001.01000000.00000005.sdmp, ManyCam.exe, 0000000F.00000002.2641911704.0000000002012000.00000002.00000001.01000000.0000000F.sdmp, ManyCam.exe, 0000001A.00000002.3210844805.0000000002012000.00000002.00000001.01000000.0000000F.sdmp
                      Source: Binary string: dbghelp.pdb source: ManyCam.exe, 00000004.00000002.2386054055.000000006D511000.00000020.00000001.01000000.00000006.sdmp, ManyCam.exe, 0000000F.00000002.2647197974.000000006D511000.00000020.00000001.01000000.00000010.sdmp, ManyCam.exe, 0000001A.00000002.3215308587.000000006D511000.00000020.00000001.01000000.00000010.sdmp
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeCode function: 4_2_0052309D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,4_2_0052309D
                      Source: krdqojnmbomp.19.drStatic PE information: real checksum: 0x0 should be: 0x7afa9
                      Source: cxcore099.dll.3.drStatic PE information: real checksum: 0xe6401 should be: 0xe3cd7
                      Source: cxcore099.dll.4.drStatic PE information: real checksum: 0xe6401 should be: 0xe3cd7
                      Source: srpcrmxgav.28.drStatic PE information: real checksum: 0x0 should be: 0x7afa9
                      Source: krdqojnmbomp.19.drStatic PE information: section name: nrdpr
                      Source: srpcrmxgav.28.drStatic PE information: section name: nrdpr
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeCode function: 4_2_005242D1 push ecx; ret 4_2_005242E4
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeCode function: 4_2_01740361 push ecx; ret 4_2_01740374
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeCode function: 15_2_005242D1 push ecx; ret 15_2_005242E4
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeCode function: 15_2_011D0361 push ecx; ret 15_2_011D0374
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Regma\cxcore099.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Regma\CrashRpt.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeFile created: C:\Users\user\AppData\Roaming\SyncvalidKil3\highgui099.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\srpcrmxgavJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Regma\cv099.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeFile created: C:\Users\user\AppData\Roaming\SyncvalidKil3\CrashRpt.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeFile created: C:\Users\user\AppData\Roaming\SyncvalidKil3\cv099.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\Demowordpad.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeFile created: C:\Users\user\AppData\Roaming\SyncvalidKil3\dbghelp.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Regma\ManyCam.exeJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Regma\dbghelp.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeFile created: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeFile created: C:\Users\user\AppData\Roaming\SyncvalidKil3\cximagecrt.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeFile created: C:\Users\user\AppData\Roaming\SyncvalidKil3\cxcore099.dllJump to dropped file
                      Source: C:\Windows\SysWOW64\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\krdqojnmbompJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Regma\cximagecrt.dllJump to dropped file
                      Source: C:\Windows\System32\msiexec.exeFile created: C:\Users\user\AppData\Local\Regma\highgui099.dllJump to dropped file

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\SysWOW64\cmd.exeModule Loaded: C:\USERS\user\APPDATA\LOCAL\TEMP\KRDQOJNMBOMP
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\msiexec.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeAPI/Special instruction interceptor: Address: 6C897C44
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeAPI/Special instruction interceptor: Address: 6C897C44
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeAPI/Special instruction interceptor: Address: 6C897945
                      Source: C:\Windows\SysWOW64\cmd.exeAPI/Special instruction interceptor: Address: 6C893B54
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exeAPI/Special instruction interceptor: Address: 1288A6
                      Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\srpcrmxgavJump to dropped file
                      Source: C:\Windows\SysWOW64\cmd.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\krdqojnmbompJump to dropped file
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeAPI coverage: 0.3 %
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeAPI coverage: 0.3 %
                      Source: C:\Windows\SysWOW64\cmd.exeLast function: Thread delayed
                      Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeCode function: 4_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,4_2_004164A0
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exeCode function: 15_2_004164A0 lstrlenW,FindFirstFileW,GetFullPathNameW,SetLastError,15_2_004164A0
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exeCode function: 4_2_0173D5E0 GetSystemInfo,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,QueryPerformanceFrequency,4_2_0173D5E0
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
                      Source: cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noreply@vmware.com0
                      Source: cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0
                      Source: ManyCam.exe, 0000001A.00000002.3213620478.0000000009A71000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6vmware
                      Source: cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1!0
                      Source: cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://www.vmware.com/0/
                      Source: cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.1
                      Source: cmd.exe, 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware, Inc.0
                      Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformationJump to behavior

                      Anti Debugging

                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep graph_4-50275
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exe Process queried: DebugPort
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: 4_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_2_00523722
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: 4_2_0052309D IsProcessorFeaturePresent,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcessHeap,GetProcessHeap,HeapAlloc,InterlockedCompareExchange,GetProcessHeap,HeapFree,4_2_0052309D
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: 4_2_00523077 GetProcessHeap,HeapFree,4_2_00523077
                      Source: C:\Windows\System32\msiexec.exe Process created: C:\Users\user\AppData\Local\Regma\ManyCam.exe "C:\Users\user\AppData\Local\Regma\ManyCam.exe"
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: 4_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,4_2_00523722
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Code function: 15_2_00523722 IsDebuggerPresent,_crt_debugger_hook,SetUnhandledExceptionFilter,UnhandledExceptionFilter,_crt_debugger_hook,GetCurrentProcess,TerminateProcess,15_2_00523722

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe NtQuerySystemInformation: Direct from: 0x173FFC0
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe NtProtectVirtualMemory: Direct from: 0x6D172E48
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe NtProtectVirtualMemory: Direct from: 0x6C802970
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exe NtQuerySystemInformation: Direct from: 0x2EFF020
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe NtQuerySystemInformation: Direct from: 0x11CFFC0
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe NtQuerySystemInformation: Direct from: 0xBBFFC0
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exe NtCreateFile: Direct from: 0x128C30
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe NtSetInformationThread: Direct from: 0x6D51245D
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exe NtSetInformationProcess: Direct from: 0x77377B2E
                      Source: C:\Users\user\AppData\Local\Temp\Demowordpad.exe NtAllocateVirtualMemory: Direct from: 0x129B63
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                      Source: C:\Windows\SysWOW64\cmd.exe Section loaded: NULL target: C:\Users\user\AppData\Local\Temp\Demowordpad.exe protection: read write
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Section loaded: NULL target: C:\Windows\SysWOW64\cmd.exe protection: read write
                      Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\Demowordpad.exe base: 125F4F
                      Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\Demowordpad.exe base: C98008
                      Source: C:\Windows\SysWOW64\cmd.exe Memory written: C:\Users\user\AppData\Local\Temp\Demowordpad.exe base: 400000
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\Demowordpad.exe C:\Users\user\AppData\Local\Temp\Demowordpad.exe
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cmd.exe
                      Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\Demowordpad.exe C:\Users\user\AppData\Local\Temp\Demowordpad.exe
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\local\regma\manycam.exe"
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\syncvalidkil3\manycam.exe"
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\syncvalidkil3\manycam.exe"
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\local\regma\manycam.exe"
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\syncvalidkil3\manycam.exe"
                      Source: C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe Process created: C:\Windows\System32\pcaui.exe "c:\windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "manycam" -v "manycam llc" -s "to work properly, this app must be reinstalled after you upgrade windows." -n 4 -f 0 -k 0 -e "c:\users\user\appdata\roaming\syncvalidkil3\manycam.exe"
                      Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\cmd.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: 4_2_00524748 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,4_2_00524748
                      Source: C:\Users\user\AppData\Local\Regma\ManyCam.exe Code function: 4_2_004170D0 memset,GetVersionExW,4_2_004170D0

                      Stealing of Sensitive Information

                      Source: Yara match File source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: cmd.exe PID: 1460, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Demowordpad.exe PID: 2960, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: cmd.exe PID: 6472, type: MEMORYSTR
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPED
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPED

                      Remote Access Functionality

                      Source: Yara match File source: 28.2.cmd.exe.59500c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 28.2.cmd.exe.59500c8.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 19.2.cmd.exe.59d00c8.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 19.2.cmd.exe.59d00c8.7.unpack, type: UNPACKEDPE
                      Source: Yara match File source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: cmd.exe PID: 1460, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: Demowordpad.exe PID: 2960, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: cmd.exe PID: 6472, type: MEMORYSTR
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, type: DROPPED
                      Source: Yara match File source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, type: DROPPED
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity InformationAcquire Infrastructure1
                      Replication Through Removable Media
                      1
                      Command and Scripting Interpreter
                      11
                      DLL Side-Loading
                      211
                      Process Injection
                      21
                      Masquerading
                      OS Credential Dumping1
                      System Time Discovery
                      Remote Services11
                      Archive Collected Data
                      1
                      Encrypted Channel
                      Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault Accounts1
                      Native API
                      Boot or Logon Initialization Scripts1
                      Abuse Elevation Control Mechanism
                      1
                      Disable or Modify Tools
                      LSASS Memory231
                      Security Software Discovery
                      Remote Desktop ProtocolData from Removable Media1
                      Application Layer Protocol
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)11
                      DLL Side-Loading
                      11
                      Virtualization/Sandbox Evasion
                      Security Account Manager11
                      Virtualization/Sandbox Evasion
                      SMB/Windows Admin SharesData from Network Shared DriveSteganographyAutomated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook211
                      Process Injection
                      NTDS1
                      Process Discovery
                      Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information
                      LSA Secrets11
                      Peripheral Device Discovery
                      SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                      Abuse Elevation Control Mechanism
                      Cached Domain Credentials3
                      File and Directory Discovery
                      VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                      Obfuscated Files or Information
                      DCSync115
                      System Information Discovery
                      Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                      DLL Side-Loading
                      Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                      File Deletion
                      /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      [Figure: behavior graph. Behavior Graph ID: 1579315; Sample: 62f928.msi; Startdate: 21/12/2024; Architecture: WINDOWS; Score: 100]

                      Source | Detection | Scanner | Label | Link
                      62f928.msi | 16% | Virustotal | | Browse
                      62f928.msi | 8% | ReversingLabs | |

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Local\Temp\srpcrmxgav | 100% | Avira | BDS/Backdoor.Gen |
                      C:\Users\user\AppData\Local\Temp\krdqojnmbomp | 100% | Avira | BDS/Backdoor.Gen |
                      C:\Users\user\AppData\Local\Temp\srpcrmxgav | 100% | Joe Sandbox ML | |
                      C:\Users\user\AppData\Local\Temp\krdqojnmbomp | 100% | Joe Sandbox ML | |
                      C:\Users\user\AppData\Local\Regma\CrashRpt.dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Regma\ManyCam.exe | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Regma\cv099.dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Regma\cxcore099.dll | 5% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Regma\cximagecrt.dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Regma\dbghelp.dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Regma\highgui099.dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Local\Temp\Demowordpad.exe | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Roaming\SyncvalidKil3\CrashRpt.dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Roaming\SyncvalidKil3\cv099.dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Roaming\SyncvalidKil3\cxcore099.dll | 5% | ReversingLabs | |
                      C:\Users\user\AppData\Roaming\SyncvalidKil3\cximagecrt.dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Roaming\SyncvalidKil3\dbghelp.dll | 0% | ReversingLabs | |
                      C:\Users\user\AppData\Roaming\SyncvalidKil3\highgui099.dll | 0% | ReversingLabs | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | high

                      Name | Malicious | Antivirus Detection | Reputation
                      adminitpal.com | true | | unknown
                      Name | Source | Malicious | Antivirus Detection | Reputation
                                                                      unknown
                                                                      http://manycam.com/feedback/?version=%sManyCam.exefalse
                                                                        high
                                                                        No contacted IP infos
                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                        Analysis ID:1579315
                                                                        Start date and time:2024-12-21 15:01:10 +01:00
                                                                        Joe Sandbox product:CloudBasic
                                                                        Overall analysis duration:0h 9m 9s
                                                                        Hypervisor based Inspection enabled:false
                                                                        Report type:full
                                                                        Cookbook file name:default.jbs
                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                        Number of analysed new started processes analysed:34
                                                                        Number of new started drivers analysed:0
                                                                        Number of existing processes analysed:0
                                                                        Number of existing drivers analysed:0
                                                                        Number of injected processes analysed:0
                                                                        Technologies:
                                                                        • HCA enabled
                                                                        • EGA enabled
                                                                        • AMSI enabled
                                                                        Analysis Mode:default
                                                                        Analysis stop reason:Timeout
                                                                        Sample name:62f928.msi
                                                                        Detection:MAL
                                                                        Classification:mal100.troj.expl.evad.winMSI@23/43@0/0
                                                                        EGA Information:
                                                                        • Successful, ratio: 100%
                                                                        HCA Information:
                                                                        • Successful, ratio: 100%
                                                                        • Number of executed functions: 2
                                                                        • Number of non-executed functions: 277
                                                                        Cookbook Comments:
                                                                        • Found application associated with file extension: .msi
                                                                        • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                                        • Excluded IPs from analysis (whitelisted): 104.102.63.47, 20.190.147.7, 20.223.36.55, 2.16.158.187, 13.107.246.63, 2.16.158.75, 20.12.23.50, 20.31.169.57, 172.202.163.200
                                                                        • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, otelrules.azureedge.net, slscr.update.microsoft.com, e15275.d.akamaiedge.net, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, tse1.mm.bing.net, arc.msn.com, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, wildcard.weather.microsoft.com.edgekey.net, login.live.com, ocsp.edge.digicert.com
• Not all processes were analyzed, report is missing behavior information
                                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
Time | Type | Description
09:03:21 | API Interceptor | 1x Sleep call for process: cmd.exe modified
15:03:02 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BIT8282.tmp
15:03:15 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wizardpatch_AQF_test.lnk
                                                                        No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
fp2e7a.wpc.phicdn.net | file.exe | malicious | LummaC, Amadey, Cryptbot, LummaC Stealer, Vidar, Xmrig | 192.229.221.95
fp2e7a.wpc.phicdn.net | P0RN-vidz.Client.exe | malicious | ScreenConnect Tool | 192.229.221.95
fp2e7a.wpc.phicdn.net | uDTW3VjJJT.exe | malicious | LummaC, Stealc | 192.229.221.95
fp2e7a.wpc.phicdn.net | f4p4BwljZt.exe | malicious | LummaC | 192.229.221.95
fp2e7a.wpc.phicdn.net | Qmg24kMXxU.exe | malicious | LummaC, Stealc | 192.229.221.95
fp2e7a.wpc.phicdn.net | hesaphareketi-20-12-2024-pdf.exe | malicious | AgentTesla | 192.229.221.95
fp2e7a.wpc.phicdn.net | LbtytfWpvx.vbs | malicious | Remcos | 192.229.221.95
fp2e7a.wpc.phicdn.net | 17345937653b107659e23b9c28725ee4827d5eb205eece8b9a5c90afbbb742a9832aaefaab913.dat-decoded.dll | malicious | Unknown | 192.229.221.95
fp2e7a.wpc.phicdn.net | file.exe | malicious | LummaC, Amadey, LummaC Stealer | 192.229.221.95
fp2e7a.wpc.phicdn.net | Payment_Failure_Notice_Office365_sdf_[13019].html | malicious | HTMLPhisher | 192.229.221.95
                                                                        No context
                                                                        No context
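Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Regma\CrashRpt.dll | 5gzbR4Yqta.msi | malicious | Unknown
C:\Users\user\AppData\Local\Regma\CrashRpt.dll | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Regma\CrashRpt.dll | iieCxV2b1n.msi | malicious | RedLine
C:\Users\user\AppData\Local\Regma\CrashRpt.dll | kvW4hZu9JA.msi | malicious | Unknown
C:\Users\user\AppData\Local\Regma\CrashRpt.dll | PauizRq7By.msi | malicious | RHADAMANTHYS
C:\Users\user\AppData\Local\Regma\CrashRpt.dll | XtDhwVrVKn.exe | malicious | Unknown
C:\Users\user\AppData\Local\Regma\CrashRpt.dll | VqBVE8dJEA.exe | malicious | Remcos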
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:modified
                                                                                      Size (bytes):9537
                                                                                      Entropy (8bit):5.647742204121744
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:K4X/bO9T+eIjmNUbkCPZCsThqbUbkCPZC6jR5NBThqaHqjruZLMwHGxccTCFpgB6:K4XM+efmbke8IBbke8UWYFp1
                                                                                      MD5:32F28B2174C381EB7735B6C7F47384E0
                                                                                      SHA1:B12A0C1244146B2AFC92EDBC0612D5C17892907B
                                                                                      SHA-256:6B382AE3D66AA5F6931E546715D9A0FC1EE7F3B9D7BB2B1FA1351D5544434157
                                                                                      SHA-512:AF7B157280722C0EC57162658D6BAE785C73D117035DD6E96931A7C9CD3387C34F23D9EE9973871F413B61EB5BADE7F9FBB40B89304ABB91537B915A204FDF55
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):123976
                                                                                      Entropy (8bit):6.382577198291231
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:fzjKVg7GOfS5SqPcCXA4SQlah+8Z4OAAHWTtopW+Z:fzjKVg7GOESqPcCXxT8hhZ4OAAHW2Wa
                                                                                      MD5:B2D1F5E4A1F0E8D85F0A8AEB7B8148C7
                                                                                      SHA1:871078213FCC0CE143F518BD69CAA3156B385415
                                                                                      SHA-256:C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
                                                                                      SHA-512:1F6D97E02CD684CF4F4554B0E819196BD2811E19B964A680332268BCBB6DEE0E17B2B35B6E66F0FE5622DFFB0A734F39F8E49637A38E4FE7F10D3B5182B30260
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Joe Sandbox View:
                                                                                      • Filename: 5gzbR4Yqta.msi, Detection: malicious, Browse
                                                                                      • Filename: file.exe, Detection: malicious, Browse
                                                                                      • Filename: iieCxV2b1n.msi, Detection: malicious, Browse
                                                                                      • Filename: kvW4hZu9JA.msi, Detection: malicious, Browse
                                                                                      • Filename: PauizRq7By.msi, Detection: malicious, Browse
                                                                                      • Filename: XtDhwVrVKn.exe, Detection: malicious, Browse
                                                                                      • Filename: VqBVE8dJEA.exe, Detection: malicious, Browse
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):1756232
                                                                                      Entropy (8bit):6.047140524753333
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:wlkcF8MnJ6tdGeHzpNTxlSvQynZAWBM2FU+SrzcBsWLZF5:wlf8MnJ6tdGeHzpNTxlSvfnOWC6U5Ed5
                                                                                      MD5:BA699791249C311883BAA8CE3432703B
                                                                                      SHA1:F8734601F9397CB5EBB8872AF03F5B0639C2EAC6
                                                                                      SHA-256:7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
                                                                                      SHA-512:6A0386424C61FBF525625EBE53BB2193ACCD51C2BE9A2527FD567D0A6E112B0D1A047D8F7266D706B726E9C41EA77496E1EDE186A5E59F5311EEEA829A302325
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):679936
                                                                                      Entropy (8bit):6.674616014554414
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:dHxL34kbwAQR5+ERTJGZfnpyvhZFjtJbPbwQjtX5ooVyPMDFdqvGHjucsEUNwm/7:dzbwAQR57RJGoxjP7/2+HINwwb
                                                                                      MD5:2A8B33FEE2F84490D52A3A7C75254971
                                                                                      SHA1:16CE2B1632A17949B92CE32A6211296FEE431DCA
                                                                                      SHA-256:FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2
                                                                                      SHA-512:8DAF104582547D6B3A6D8698836E279D88AD9A870E9FDD66C319ECADA3757A3997F411976461ED30A5D24436BAA7504355B49D4ACEC2F7CDFE10E1E392E0F7FB
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):929792
                                                                                      Entropy (8bit):6.883051393212028
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:MNohaQGpXDCfZCgs1ruSteHz3+AlEOyIrbv1yw:0msgUeTAIrbb
                                                                                      MD5:60AD2FC365DC3DE0CE1FD191ACC6A0B0
                                                                                      SHA1:8C85BF1B8734B150CF2AFDFE64C1227DBEF25393
                                                                                      SHA-256:CF58A2F246D7D081986B44B14ABC810C256C4F594738659E522476BCD7977D8C
                                                                                      SHA-512:65B093547569A4C06028EC723BE3D562102153741BD71A0DC6A16A2E96D56CB2101F5D1EBEDDB235C570A12EC5834AA5F8529BF446DFC31F677D6150319BF65B
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):498760
                                                                                      Entropy (8bit):6.674124910838454
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:fJaqPgrHZx0Cxn0P5ASCH8aH6IAC+tITsQ8p:fkqPgr5x0Cxn0P5ASCH8aaIACDTx8p
                                                                                      MD5:C36F6E088C6457A43ADB7EDCD17803F3
                                                                                      SHA1:B25B9FB4C10B8421C8762C7E7B3747113D5702DE
                                                                                      SHA-256:8E1243454A29998CC7DC89CAECFADC0D29E00E5776A8B5777633238B8CD66F72
                                                                                      SHA-512:87CAD4C3059BD7DE02338922CF14E515AF5CAD663D473B19DD66A4C8BEFC8BCE61C9C2B5A14671BC71951FDFF345E4CA7A799250D622E2C9236EC03D74D4FE4E
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):489984
                                                                                      Entropy (8bit):6.620591640062086
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:p3KP8f7yHkluOutwm5ZNetC5IlhhMUyFWgQK7x5Iz4JxRRAuUzT/9cl84S683WbX:psX5ZNG2y1ycw5IGxRwVc6683WbXn
                                                                                      MD5:E458D88C71990F545EF941CD16080BAD
                                                                                      SHA1:CD24CCEC2493B64904CF3C139CD8D58D28D5993B
                                                                                      SHA-256:5EC121730240548A85B7EF1F7E30D5FDBEE153BB20DD92C2D44BF37395294EC0
                                                                                      SHA-512:B1755E3DB10B1D12D6EAFFD1D91F5CA5E0F9F8AE1350675BC44AE7A4AF4A48090A9828A8ACBBC69C5813EAC23E02576478113821CB2E04B6288E422F923B446F
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):397312
                                                                                      Entropy (8bit):6.672405371278951
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:J+7gXTkVRt1dixRtVq2EjMS2E7ETstO/:JlTeRt1dSzd4MSUTsO/
                                                                                      MD5:A354C42FCB37A50ECAD8DDE250F6119E
                                                                                      SHA1:0EB4AD5E90D28A4A8553D82CEC53072279AF1961
                                                                                      SHA-256:89DB6973F4EC5859792BCD8A50CD10DB6B847613F2CEA5ADEF740EEC141673B2
                                                                                      SHA-512:981C82F6334961C54C80009B14A0C2CD48067BAF6D502560D508BE86F5185374A422609C7FDC9A2CDE9B98A7061EFAB7FD9B1F4F421436A9112833122BC35059
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:JSON data
                                                                                      Category:dropped
                                                                                      Size (bytes):53242
                                                                                      Entropy (8bit):4.59606276262123
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:BMYPBv4tsCv6qQZLXaDGjv7p3r0W3iS716ajXbVNs6wGyNMS2jeJ0+9MkuGJGo2G:ZAvCqu+w7p/ySjLVm6pFvpkls/2yc
                                                                                      MD5:5BA0E4EF5BB61DB3B1554A108118ED45
                                                                                      SHA1:1004DB2678BAA94E1A9F99E767673514B0122A21
                                                                                      SHA-256:D26373617C8EF46DAA7482688B17AE8153A633EA2FE75053282F0F4308903F57
                                                                                      SHA-512:62B43ECC1DC6F5D58283B164278B01FE5FB00963D712D3D4ED5B97FCB22C7C46010142FFE65C2DF74B80EDD6E48754FDDF446F23DC28787DC008E156D3F54B3C
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):1187805
                                                                                      Entropy (8bit):7.889447931606726
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:kBbh4gGkO8DpypWg6Qh4l5w5JauZIduV+Ao9FXYa9BAvnHHzY+:kBpjO8Dp7hQh4rCauZIAcAo9vBOHTb
                                                                                      MD5:7910D6147F32875538E6D887C32522ED
                                                                                      SHA1:50F9A0A38B87F48C655AB45DE0E25637F070E12D
                                                                                      SHA-256:45D1882A8DF64A9FA624CD4538BB17161633AE66A5C4D0AEA7D2F17A274A6416
                                                                                      SHA-512:2DE6830A7B9FCF8E6ED08C870BD531705F8094F79205761606B40655B75686205871AA92968B5E2568AFD741F2A09363EFBD296304C61BEDDCE3FFD15E1DE742
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                      File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):444240
                                                                                      Entropy (8bit):5.784642468970509
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:b/bMNKYj3NAigge0W+JUMrineL5VwqF6G1utO+ueO+ueSdNXP3:b/b83NAigWE5qF6WutO+ueO+ueSdNXP3
                                                                                      MD5:FEA067901F48A5F1FAF7CA3B373F1A8F
                                                                                      SHA1:E8ABE0DEB87DE9FE3BB3A611234584E9A9B17CCE
                                                                                      SHA-256:BF24B2F3E3A3C60ED116791B99E5421A4DE34AC9C6E2201D34AB487E448CE152
                                                                                      SHA-512:07C83A2D3D5DD475BC8AA48EBA9B03E8FB742DBBD7BD623ED05DC1086EFED7DFD1C1B8F037EE2E81EFBA1DE58EA3243D7C84AC8B484E808CD28765F9C7517023
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):1676104
                                                                                      Entropy (8bit):7.5416073230686775
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:WgmllgPmB8ZzBHJYgbXNrUvrtq60S43rZsOPk5VrZVg:g7gPmyBpZODtVff59Za
                                                                                      MD5:0E2EF88C353BC8BC92A0C450CD924AF5
                                                                                      SHA1:D4C48AC3C2F97302ED86CE307ED5906A37FA2F54
                                                                                      SHA-256:D1D5E2E71183C04BFAD29CDB3A2729EF578B028DA5208A3A8303AC338973DAEE
                                                                                      SHA-512:B756A08654FAF19482BA0F8844B526E7298F6D42D7D5FC37B05E2A8FC063B022E9DA957C1BE9A5C79D7CFBFE63A26C3AB8328702725D555CBF2D4D90E945DCCC
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):1676104
                                                                                      Entropy (8bit):7.541607818726879
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:9gmllgPmB8ZzBHJYgbXNrUvrtq60S43rZsOPk5VrZVg:d7gPmyBpZODtVff59Za
                                                                                      MD5:AAA3FFF9F41F32C7DF85C41C72BBFABA
                                                                                      SHA1:87069CDF449A4AE3EF2C83DF65C817059B468749
                                                                                      SHA-256:F7AE31BA6E1E9569701040C41A22DE940C7C1F7A60C544C33595853051B3BD8C
                                                                                      SHA-512:6A66EFEF9A8D3754B1F459885C8B0748D91C211D9EFB183EB463565F3F94801E51557494DE14EE56C35E28F6FF890D1FD08915E4AFBC0434D52590D1FBE592F2
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):498176
                                                                                      Entropy (8bit):6.594952046566869
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:LuD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZPVC+DYr:O09AfNIEYsunZvZ19ZUsI
                                                                                      MD5:E9859D614C315349888EBD4B9329AF2E
                                                                                      SHA1:D001374A15A0EC7E5654F80728358B194584A435
                                                                                      SHA-256:4BB1D9FA19CDDBB52960AE7846E55FC23C655A9835C3775AD6F0C7D8B94EDDAD
                                                                                      SHA-512:914DBBB8D598BB49D9AA59B5A0204DE8BE0190907C32A87E87925A34F149F96EDF5B08101D3C825CF2D08DDB643B4FB56B752F71F543EEE95CCDCDAED1A5BD5C
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, Author: unknown
                                                                                      • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, Author: unknown
                                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Users\user\AppData\Local\Temp\krdqojnmbomp, Author: ditekSHen
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):498176
                                                                                      Entropy (8bit):6.594952046566869
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:LuD09AUkNIGBYYv4eK13x13nZHSRVMf139F5wIB7+IwtHwBtVxbesvZPVC+DYr:O09AfNIEYsunZvZ19ZUsI
                                                                                      MD5:E9859D614C315349888EBD4B9329AF2E
                                                                                      SHA1:D001374A15A0EC7E5654F80728358B194584A435
                                                                                      SHA-256:4BB1D9FA19CDDBB52960AE7846E55FC23C655A9835C3775AD6F0C7D8B94EDDAD
                                                                                      SHA-512:914DBBB8D598BB49D9AA59B5A0204DE8BE0190907C32A87E87925A34F149F96EDF5B08101D3C825CF2D08DDB643B4FB56B752F71F543EEE95CCDCDAED1A5BD5C
                                                                                      Malicious:true
                                                                                      Yara Hits:
                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, Author: Joe Security
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, Author: unknown
                                                                                      • Rule: REMCOS_RAT_variants, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, Author: unknown
                                                                                      • Rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM, Description: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003), Source: C:\Users\user\AppData\Local\Temp\srpcrmxgav, Author: ditekSHen
                                                                                      Antivirus:
                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      Process:C:\Windows\SysWOW64\cmd.exe
                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sat Dec 21 13:02:26 2024, mtime=Sat Dec 21 13:02:27 2024, atime=Tue Dec 10 15:18:26 2024, length=1756232, window=hide
                                                                                      Category:dropped
                                                                                      Size (bytes):907
                                                                                      Entropy (8bit):4.974160962641225
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:8CC48pnu8Chz8lXIsY//l/oLIlJ/5lqGBDYjAp8+HPGpWSDyJD4UNlp4EuEmV:8gEDBlXUMMxQAp8QkyNlp1m
                                                                                      MD5:D8268B81AB045945C747820BF35AFEE6
                                                                                      SHA1:3883E88BF0E645B657B8938FD364D3A930C2E3B3
                                                                                      SHA-256:48C2A16238DC890ECAA901C19AB28CE4D762E503D6DAEE793616DF4F8E71DD9F
                                                                                      SHA-512:EA05B9A4DD4FA48145D6CCFB8F2A2E97B40160F89898B54549DC5D597D2BCEE5552E9379257C03E7379F2CBEFE3F769E36BBEBC6746257C8C06B512195D30E1D
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):123976
                                                                                      Entropy (8bit):6.382577198291231
                                                                                      Encrypted:false
                                                                                      SSDEEP:3072:fzjKVg7GOfS5SqPcCXA4SQlah+8Z4OAAHWTtopW+Z:fzjKVg7GOESqPcCXxT8hhZ4OAAHW2Wa
                                                                                      MD5:B2D1F5E4A1F0E8D85F0A8AEB7B8148C7
                                                                                      SHA1:871078213FCC0CE143F518BD69CAA3156B385415
                                                                                      SHA-256:C28E0AEC124902E948C554436C0EBBEBBA9FC91C906CE2CD887FADA0C64E3386
                                                                                      SHA-512:1F6D97E02CD684CF4F4554B0E819196BD2811E19B964A680332268BCBB6DEE0E17B2B35B6E66F0FE5622DFFB0A734F39F8E49637A38E4FE7F10D3B5182B30260
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):1756232
                                                                                      Entropy (8bit):6.047140524753333
                                                                                      Encrypted:false
                                                                                      SSDEEP:49152:wlkcF8MnJ6tdGeHzpNTxlSvQynZAWBM2FU+SrzcBsWLZF5:wlf8MnJ6tdGeHzpNTxlSvfnOWC6U5Ed5
                                                                                      MD5:BA699791249C311883BAA8CE3432703B
                                                                                      SHA1:F8734601F9397CB5EBB8872AF03F5B0639C2EAC6
                                                                                      SHA-256:7C4EB51A737A81C163F95B50EC54518B82FCF91389D0560E855F3E26CEC07282
                                                                                      SHA-512:6A0386424C61FBF525625EBE53BB2193ACCD51C2BE9A2527FD567D0A6E112B0D1A047D8F7266D706B726E9C41EA77496E1EDE186A5E59F5311EEEA829A302325
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):679936
                                                                                      Entropy (8bit):6.674616014554414
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:dHxL34kbwAQR5+ERTJGZfnpyvhZFjtJbPbwQjtX5ooVyPMDFdqvGHjucsEUNwm/7:dzbwAQR57RJGoxjP7/2+HINwwb
                                                                                      MD5:2A8B33FEE2F84490D52A3A7C75254971
                                                                                      SHA1:16CE2B1632A17949B92CE32A6211296FEE431DCA
                                                                                      SHA-256:FAFF6A0745E1720413A028F77583FFF013C3F4682756DC717A0549F1BE3FEFC2
                                                                                      SHA-512:8DAF104582547D6B3A6D8698836E279D88AD9A870E9FDD66C319ECADA3757A3997F411976461ED30A5D24436BAA7504355B49D4ACEC2F7CDFE10E1E392E0F7FB
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):929792
                                                                                      Entropy (8bit):6.883051393212028
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:MNohaQGpXDCfZCgs1ruSteHz3+AlEOyIrbv1yw:0msgUeTAIrbb
                                                                                      MD5:60AD2FC365DC3DE0CE1FD191ACC6A0B0
                                                                                      SHA1:8C85BF1B8734B150CF2AFDFE64C1227DBEF25393
                                                                                      SHA-256:CF58A2F246D7D081986B44B14ABC810C256C4F594738659E522476BCD7977D8C
                                                                                      SHA-512:65B093547569A4C06028EC723BE3D562102153741BD71A0DC6A16A2E96D56CB2101F5D1EBEDDB235C570A12EC5834AA5F8529BF446DFC31F677D6150319BF65B
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 5%
                                                                                      Process:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):498760
                                                                                      Entropy (8bit):6.674124910838454
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:fJaqPgrHZx0Cxn0P5ASCH8aH6IAC+tITsQ8p:fkqPgr5x0Cxn0P5ASCH8aaIACDTx8p
                                                                                      MD5:C36F6E088C6457A43ADB7EDCD17803F3
                                                                                      SHA1:B25B9FB4C10B8421C8762C7E7B3747113D5702DE
                                                                                      SHA-256:8E1243454A29998CC7DC89CAECFADC0D29E00E5776A8B5777633238B8CD66F72
                                                                                      SHA-512:87CAD4C3059BD7DE02338922CF14E515AF5CAD663D473B19DD66A4C8BEFC8BCE61C9C2B5A14671BC71951FDFF345E4CA7A799250D622E2C9236EC03D74D4FE4E
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):489984
                                                                                      Entropy (8bit):6.620591640062086
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:p3KP8f7yHkluOutwm5ZNetC5IlhhMUyFWgQK7x5Iz4JxRRAuUzT/9cl84S683WbX:psX5ZNG2y1ycw5IGxRwVc6683WbXn
                                                                                      MD5:E458D88C71990F545EF941CD16080BAD
                                                                                      SHA1:CD24CCEC2493B64904CF3C139CD8D58D28D5993B
                                                                                      SHA-256:5EC121730240548A85B7EF1F7E30D5FDBEE153BB20DD92C2D44BF37395294EC0
                                                                                      SHA-512:B1755E3DB10B1D12D6EAFFD1D91F5CA5E0F9F8AE1350675BC44AE7A4AF4A48090A9828A8ACBBC69C5813EAC23E02576478113821CB2E04B6288E422F923B446F
                                                                                      Malicious:false
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):397312
                                                                                      Entropy (8bit):6.672405371278951
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:J+7gXTkVRt1dixRtVq2EjMS2E7ETstO/:JlTeRt1dSzd4MSUTsO/
                                                                                      MD5:A354C42FCB37A50ECAD8DDE250F6119E
                                                                                      SHA1:0EB4AD5E90D28A4A8553D82CEC53072279AF1961
                                                                                      SHA-256:89DB6973F4EC5859792BCD8A50CD10DB6B847613F2CEA5ADEF740EEC141673B2
                                                                                      SHA-512:981C82F6334961C54C80009B14A0C2CD48067BAF6D502560D508BE86F5185374A422609C7FDC9A2CDE9B98A7061EFAB7FD9B1F4F421436A9112833122BC35059
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                      Process:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      File Type:JSON data
                                                                                      Category:dropped
                                                                                      Size (bytes):53242
                                                                                      Entropy (8bit):4.59606276262123
                                                                                      Encrypted:false
                                                                                      SSDEEP:768:BMYPBv4tsCv6qQZLXaDGjv7p3r0W3iS716ajXbVNs6wGyNMS2jeJ0+9MkuGJGo2G:ZAvCqu+w7p/ySjLVm6pFvpkls/2yc
                                                                                      MD5:5BA0E4EF5BB61DB3B1554A108118ED45
                                                                                      SHA1:1004DB2678BAA94E1A9F99E767673514B0122A21
                                                                                      SHA-256:D26373617C8EF46DAA7482688B17AE8153A633EA2FE75053282F0F4308903F57
                                                                                      SHA-512:62B43ECC1DC6F5D58283B164278B01FE5FB00963D712D3D4ED5B97FCB22C7C46010142FFE65C2DF74B80EDD6E48754FDDF446F23DC28787DC008E156D3F54B3C
                                                                                      Malicious:false
                                                                                      Process:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):1187805
                                                                                      Entropy (8bit):7.889447931606726
                                                                                      Encrypted:false
                                                                                      SSDEEP:24576:kBbh4gGkO8DpypWg6Qh4l5w5JauZIduV+Ao9FXYa9BAvnHHzY+:kBpjO8Dp7hQh4rCauZIAcAo9vBOHTb
                                                                                      MD5:7910D6147F32875538E6D887C32522ED
                                                                                      SHA1:50F9A0A38B87F48C655AB45DE0E25637F070E12D
                                                                                      SHA-256:45D1882A8DF64A9FA624CD4538BB17161633AE66A5C4D0AEA7D2F17A274A6416
                                                                                      SHA-512:2DE6830A7B9FCF8E6ED08C870BD531705F8094F79205761606B40655B75686205871AA92968B5E2568AFD741F2A09363EFBD296304C61BEDDCE3FFD15E1DE742
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Fossa, Author: Dekko Ohm, Keywords: Installer, Comments: This installer database contains the logic and data required to install Fossa., Template: Intel;1033, Revision Number: {6729BE5C-C13E-40DC-A40C-D2D5371CABA4}, Create Time/Date: Tue Dec 10 10:20:28 2024, Last Saved Time/Date: Tue Dec 10 10:20:28 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
                                                                                      Category:dropped
                                                                                      Size (bytes):2957312
                                                                                      Entropy (8bit):7.994067187686304
                                                                                      Encrypted:true
                                                                                      SSDEEP:49152:IiSoOl+YyNuCClJkqwhmsl5aBZJnxsTKHgX7Gu0ojmWS8MqIugHt:It7+YJCCvkEsloxTHZojmWhDg
                                                                                      MD5:A2A7FF35BD33480418BD39E0832D0875
                                                                                      SHA1:8CD2EC2310B1240FFA9944631C409E658CEA03A7
                                                                                      SHA-256:46004E5408D63486737753E360A3C9EF74246163497C920D1AC7AA504C488E54
                                                                                      SHA-512:20B4BCC20BDD3D40EC0D2D3F8531615C5FCE78339784DD8F346E6AECCDCA8307F472E59D9F246DAEB1E1A4343C9D6D53F83B2DEB7EB21F5B4035B2D083AD037C
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Fossa, Author: Dekko Ohm, Keywords: Installer, Comments: This installer database contains the logic and data required to install Fossa., Template: Intel;1033, Revision Number: {6729BE5C-C13E-40DC-A40C-D2D5371CABA4}, Create Time/Date: Tue Dec 10 10:20:28 2024, Last Saved Time/Date: Tue Dec 10 10:20:28 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
                                                                                      Category:dropped
                                                                                      Size (bytes):2957312
                                                                                      Entropy (8bit):7.994067187686304
                                                                                      Encrypted:true
                                                                                      SSDEEP:49152:IiSoOl+YyNuCClJkqwhmsl5aBZJnxsTKHgX7Gu0ojmWS8MqIugHt:It7+YJCCvkEsloxTHZojmWhDg
                                                                                      MD5:A2A7FF35BD33480418BD39E0832D0875
                                                                                      SHA1:8CD2EC2310B1240FFA9944631C409E658CEA03A7
                                                                                      SHA-256:46004E5408D63486737753E360A3C9EF74246163497C920D1AC7AA504C488E54
                                                                                      SHA-512:20B4BCC20BDD3D40EC0D2D3F8531615C5FCE78339784DD8F346E6AECCDCA8307F472E59D9F246DAEB1E1A4343C9D6D53F83B2DEB7EB21F5B4035B2D083AD037C
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):3646
                                                                                      Entropy (8bit):5.557778594285753
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:P4X/ph/OZMuw/43wlwsceYwnT6e64RCLfEPUXS:P4XRhOw/43wlwsdYwnT6e6JWUXS
                                                                                      MD5:13AC23DA620F9702049D93DB4AD08085
                                                                                      SHA1:356A011768D643D4A1A52624D41D76E89AEE4500
                                                                                      SHA-256:C6154D287A842F8D8980FE5C85D046D33A9226E1A1CFB6FD0240A1E3481936F6
                                                                                      SHA-512:24C92B689AC27205909C9A0A8D465A4DE221714EE62DAC7BC52FD3E2C7C9E50E66B705E22A64D5B5829DC94AA0BE8243A648D75A377B36F91E585BC535525F56
                                                                                      Malicious:false
                                                                                      Preview:...@IXOS.@.....@BH.Y.@.....@.....@.....@.....@.....@......&.{9C7064B9-89ED-41DD-86B6-540DFCC59041}..Fossa..62f928.msi.@.....@.....@.....@........&.{6729BE5C-C13E-40DC-A40C-D2D5371CABA4}.....@.....@.....@.....@.......@.....@.....@.......@......Fossa......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration.....@.....@.....@.]....&.{F800788E-DCA4-5100-A820-3F4CEFD20E64}2.C:\Users\user\AppData\Local\Regma\CrashRpt.dll.@.......@.....@.....@......&.{1782F4E4-6DC7-5DBE-A28B-CB20DABBB6D7}/.C:\Users\user\AppData\Local\Regma\cv099.dll.@.......@.....@.....@......&.{985840A2-FB2C-5FE7-8DB3-EDB81A898EFE}3.C:\Users\user\AppData\Local\Regma\cxcore099.dll.@.......@.....@.....@......&.{FAFC2355-0E6C-5C42-94B1-101D403901E4}4.C:\Users\user\AppData\Local\Regma\cximagecrt.dll.@.......@.....@.....@......&.{A4037ED7-170A-5910-B811-63FC091B599E}1.C:\Users\user\AppData\Local\Regma\dbghel
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):1.1636515905050542
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:JSbX72FjFAGiLIlHVRpth/7777777777777777777777777vDHFyZQGbispSl0i5:JDQI5p/GbrF
                                                                                      MD5:6539005396E58E96D4666F890B69D0AB
                                                                                      SHA1:13ADF9CC25DAF1E1BCDE74212FB768B93A83C46C
                                                                                      SHA-256:27C0F770A9414CCC08A70E1A0506E0FBFEDB85D15D4FEF43EED95845E08274AA
                                                                                      SHA-512:23F9082733028D053A064567593BFB73F267C57BEC66F3046A0FE6C73212EC49AFA1E3F84487D159148A01CE9C31E928E73FF9523553C4DBBB99005C6D8B1E7C
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):1.4660636332216386
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:L8PhMuRc06WXJa/T5kHzZF2S5Hrk2SI/0Vl:yhM1R/TqHzZgAw
                                                                                      MD5:4991D6279F90A920343F36DC50D75E8D
                                                                                      SHA1:4D242819526C47A1A4F72D3BB693374ACEA7A579
                                                                                      SHA-256:0886F0770B6D8D40FCE6EFF0C55AFF03A48FD2E5DC33270B6B777C72E66CEF4A
                                                                                      SHA-512:993372C74EFFD7E5E9AC9F382860CC95DBEAFB16CCEAD8B378097EA62E9198138CBF112E18CD4A3C9E4BB6B9F900266D8169C1C55844035B6690EC551B95FB96
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):360001
                                                                                      Entropy (8bit):5.362984548633005
                                                                                      Encrypted:false
                                                                                      SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaum:zTtbmkExhMJCIpEP
                                                                                      MD5:2A6BDC551CD7BE2A24C7A68A470E8AB0
                                                                                      SHA1:863E4F81853EEAC49AF1081CEF38F14ACF9372AD
                                                                                      SHA-256:E8854F32A9F85A69186DB3E4F7CD92630225CD78119AEFDBA9151F2CA3B6C04F
                                                                                      SHA-512:8A1FF3DAE62199F19E03FAFB905B94BF3A302C4458C6DA142635A6EBEB120CEC4B3438B4B59641E7ED2E457D0516985287E28653A0F68EA1E8FBBD4524A77B3A
                                                                                      Malicious:false
                                                                                      Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):32768
                                                                                      Entropy (8bit):1.182111206755347
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:xnkuT1veFXJxT5eHzZF2S5Hrk2SI/0Vl:tkXJToHzZgAw
                                                                                      MD5:5C83EAA01DC2A80D208E2134D51BAC8E
                                                                                      SHA1:98AF03EF64B1BF3BC59370F283BFE703A07673B0
                                                                                      SHA-256:2BDB91F126E1BA86CD6F55B079FD65E9296D2DD0DC3F7BA096D033B21D3EBD79
                                                                                      SHA-512:490CB632DFC63F61FB3E8BB70E2AC3A80EF8B922C2BA7D0F56030CC81BC141F93EF584193AFD9251AB465F3684AFE7FE4AB0E061A729B04D35B4B08F94C01148
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):1.4660636332216386
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:L8PhMuRc06WXJa/T5kHzZF2S5Hrk2SI/0Vl:yhM1R/TqHzZgAw
                                                                                      MD5:4991D6279F90A920343F36DC50D75E8D
                                                                                      SHA1:4D242819526C47A1A4F72D3BB693374ACEA7A579
                                                                                      SHA-256:0886F0770B6D8D40FCE6EFF0C55AFF03A48FD2E5DC33270B6B777C72E66CEF4A
                                                                                      SHA-512:993372C74EFFD7E5E9AC9F382860CC95DBEAFB16CCEAD8B378097EA62E9198138CBF112E18CD4A3C9E4BB6B9F900266D8169C1C55844035B6690EC551B95FB96
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):1.4660636332216386
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:L8PhMuRc06WXJa/T5kHzZF2S5Hrk2SI/0Vl:yhM1R/TqHzZgAw
                                                                                      MD5:4991D6279F90A920343F36DC50D75E8D
                                                                                      SHA1:4D242819526C47A1A4F72D3BB693374ACEA7A579
                                                                                      SHA-256:0886F0770B6D8D40FCE6EFF0C55AFF03A48FD2E5DC33270B6B777C72E66CEF4A
                                                                                      SHA-512:993372C74EFFD7E5E9AC9F382860CC95DBEAFB16CCEAD8B378097EA62E9198138CBF112E18CD4A3C9E4BB6B9F900266D8169C1C55844035B6690EC551B95FB96
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):32768
                                                                                      Entropy (8bit):1.182111206755347
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:xnkuT1veFXJxT5eHzZF2S5Hrk2SI/0Vl:tkXJToHzZgAw
                                                                                      MD5:5C83EAA01DC2A80D208E2134D51BAC8E
                                                                                      SHA1:98AF03EF64B1BF3BC59370F283BFE703A07673B0
                                                                                      SHA-256:2BDB91F126E1BA86CD6F55B079FD65E9296D2DD0DC3F7BA096D033B21D3EBD79
                                                                                      SHA-512:490CB632DFC63F61FB3E8BB70E2AC3A80EF8B922C2BA7D0F56030CC81BC141F93EF584193AFD9251AB465F3684AFE7FE4AB0E061A729B04D35B4B08F94C01148
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):69632
                                                                                      Entropy (8bit):0.10487828165257096
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:Xgql7/X2ipVA2ipV7VgwGClrkgq8+9ueN:XVl7/X2S62S5Hrq8zq
                                                                                      MD5:FA1511D021DD2213D7201BED2E13373C
                                                                                      SHA1:799D1EFDBECA69B4191C342D505A21A1BB76D2ED
                                                                                      SHA-256:869D0E2DF85DAF4E0C572059575F778AACB83BA34CDFE926915245BCB6158C2B
                                                                                      SHA-512:8CFCC8B7FAB486A998A8914B6A977A0B4B9AF55E172C78DD45DEE870BB06EE1BFCF6BD6EAB347E2B7BC045B9775778834C207178AACAEBD356AE7EBB7E179B53
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):512
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):512
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):512
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):32768
                                                                                      Entropy (8bit):0.07008560595732845
                                                                                      Encrypted:false
                                                                                      SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOyZy84GExkbJIDtQVky6lS:2F0i8n0itFzDHFyZQGbiDJS
                                                                                      MD5:3D02BA738169FBB3DD48E44D7DA01EA4
                                                                                      SHA1:70EE6265F076CB99691F9FB1102E241CD5937150
                                                                                      SHA-256:311F094E666BD2B095B2837C871FADA28C701D309CF797EF61556BA3BE4A99E9
                                                                                      SHA-512:CECD308EA5566880999DC2237FFEBDF8AE1987D3691F1FD1D367FEF617C7447FAD6C38022BF2C6E6E379C32C885A72229714E40110FFFBADEA8D5D59961477E5
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                      Category:dropped
                                                                                      Size (bytes):32768
                                                                                      Entropy (8bit):1.182111206755347
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:xnkuT1veFXJxT5eHzZF2S5Hrk2SI/0Vl:tkXJToHzZgAw
                                                                                      MD5:5C83EAA01DC2A80D208E2134D51BAC8E
                                                                                      SHA1:98AF03EF64B1BF3BC59370F283BFE703A07673B0
                                                                                      SHA-256:2BDB91F126E1BA86CD6F55B079FD65E9296D2DD0DC3F7BA096D033B21D3EBD79
                                                                                      SHA-512:490CB632DFC63F61FB3E8BB70E2AC3A80EF8B922C2BA7D0F56030CC81BC141F93EF584193AFD9251AB465F3684AFE7FE4AB0E061A729B04D35B4B08F94C01148
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):512
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                      Malicious:false
                                                                                      Process:C:\Windows\System32\msiexec.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):512
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                      SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                      SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                      SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                      Malicious:false
                                                                                      File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, MSI Installer, Code page: 1252, Title: Installation Database, Subject: Fossa, Author: Dekko Ohm, Keywords: Installer, Comments: This installer database contains the logic and data required to install Fossa., Template: Intel;1033, Revision Number: {6729BE5C-C13E-40DC-A40C-D2D5371CABA4}, Create Time/Date: Tue Dec 10 10:20:28 2024, Last Saved Time/Date: Tue Dec 10 10:20:28 2024, Number of Pages: 500, Number of Words: 10, Name of Creating Application: WiX Toolset (4.0.0.0), Security: 2
                                                                                      Entropy (8bit):7.994067187686304
                                                                                      TrID:
                                                                                      • Microsoft Windows Installer (60509/1) 88.31%
                                                                                      • Generic OLE2 / Multistream Compound File (8008/1) 11.69%
                                                                                      File name:62f928.msi
                                                                                      File size:2'957'312 bytes
                                                                                      MD5:a2a7ff35bd33480418bd39e0832d0875
                                                                                      SHA1:8cd2ec2310b1240ffa9944631c409e658cea03a7
                                                                                      SHA256:46004e5408d63486737753e360a3c9ef74246163497c920d1ac7aa504c488e54
                                                                                      SHA512:20b4bcc20bdd3d40ec0d2d3f8531615c5fce78339784dd8f346e6aeccdca8307f472e59d9f246daeb1e1a4343c9d6d53f83b2deb7eb21f5b4035b2d083ad037c
                                                                                      SSDEEP:49152:IiSoOl+YyNuCClJkqwhmsl5aBZJnxsTKHgX7Gu0ojmWS8MqIugHt:It7+YJCCvkEsloxTHZojmWhDg
                                                                                      TLSH:0ED53324B44473AFD6D77BB04422E6ACC61C2C8A53BA92F170E7318177B4F619BFA184
                                                                                      Icon Hash:2d2e3797b32b2b99
                                                                                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                      Dec 21, 2024 15:01:59.999872923 CET | 1.1.1.1 | 192.168.2.6 | 0x226f | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                                      Dec 21, 2024 15:01:59.999872923 CET | 1.1.1.1 | 192.168.2.6 | 0x226f | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false
                                                                                      Dec 21, 2024 15:03:09.241204023 CET | 1.1.1.1 | 192.168.2.6 | 0x7f6f | No error (0) | fp2e7a.wpc.2be4.phicdn.net | fp2e7a.wpc.phicdn.net | | CNAME (Canonical name) | IN (0x0001) | false
                                                                                      Dec 21, 2024 15:03:09.241204023 CET | 1.1.1.1 | 192.168.2.6 | 0x7f6f | No error (0) | fp2e7a.wpc.phicdn.net | | 192.229.221.95 | A (IP address) | IN (0x0001) | false


                                                                                      Target ID:1
                                                                                      Start time:09:02:02
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\62f928.msi"
                                                                                      Imagebase:0x7ff745730000
                                                                                      File size:69'632 bytes
                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:3
                                                                                      Start time:09:02:02
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Windows\System32\msiexec.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\msiexec.exe /V
                                                                                      Imagebase:0x7ff745730000
                                                                                      File size:69'632 bytes
                                                                                      MD5 hash:E5DA170027542E25EDE42FC54C929077
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Target ID:4
                                                                                      Start time:09:02:04
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Users\user\AppData\Local\Regma\ManyCam.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\AppData\Local\Regma\ManyCam.exe"
                                                                                      Imagebase:0x400000
                                                                                      File size:1'756'232 bytes
                                                                                      MD5 hash:BA699791249C311883BAA8CE3432703B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000004.00000002.2383862619.0000000009B47000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Antivirus matches:
                                                                                      • Detection: 0%, ReversingLabs
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:5
                                                                                      Start time:09:02:04
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Windows\System32\pcaui.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Local\Regma\ManyCam.exe"
                                                                                      Imagebase:0x7ff6331b0000
                                                                                      File size:162'816 bytes
                                                                                      MD5 hash:0BA34D8D0BD01CB98F912114ACC7CF19
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      Target ID:15
                                                                                      Start time:09:02:26
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
                                                                                      Imagebase:0x400000
                                                                                      File size:1'756'232 bytes
                                                                                      MD5 hash:BA699791249C311883BAA8CE3432703B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000000F.00000002.2645623231.0000000009B06000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Antivirus matches:
                                                                                      • Detection: 0%, ReversingLabs
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:16
                                                                                      Start time:09:02:27
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Windows\System32\pcaui.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe"
                                                                                      Imagebase:0x7ff6331b0000
                                                                                      File size:162'816 bytes
                                                                                      MD5 hash:0BA34D8D0BD01CB98F912114ACC7CF19
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      Target ID:19
                                                                                      Start time:09:02:48
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                      Imagebase:0x1c0000
                                                                                      File size:236'544 bytes
                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000013.00000002.2928233026.0000000004F04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000013.00000002.2929009454.00000000059D0000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:20
                                                                                      Start time:09:02:48
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff66e660000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      Target ID:25
                                                                                      Start time:09:03:13
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Users\user\AppData\Local\Temp\Demowordpad.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\Demowordpad.exe
                                                                                      Imagebase:0xe0000
                                                                                      File size:444'240 bytes
                                                                                      MD5 hash:FEA067901F48A5F1FAF7CA3B373F1A8F
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 00000019.00000002.2927530214.0000000000457000.00000002.00000001.01000000.00000000.sdmp, Author: unknown
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000019.00000002.2928298393.0000000002F48000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Antivirus matches:
                                                                                      • Detection: 0%, ReversingLabs
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:26
                                                                                      Start time:09:03:24
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe"
                                                                                      Imagebase:0x400000
                                                                                      File size:1'756'232 bytes
                                                                                      MD5 hash:BA699791249C311883BAA8CE3432703B
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001A.00000002.3213715800.0000000009BF6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      Target ID:27
                                                                                      Start time:09:03:24
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Windows\System32\pcaui.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Windows\system32\pcaui.exe" -g {11111111-1111-1111-1111-111111111111} -x {bce4b583-343f-44b8-8f95-9f76104077b9} -a "ManyCam" -v "ManyCam LLC" -s "To work properly, this app must be reinstalled after you upgrade Windows." -n 4 -f 0 -k 0 -e "C:\Users\user\AppData\Roaming\SyncvalidKil3\ManyCam.exe"
                                                                                      Imagebase:0x7ff6331b0000
                                                                                      File size:162'816 bytes
                                                                                      MD5 hash:0BA34D8D0BD01CB98F912114ACC7CF19
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:true

                                                                                      Target ID:28
                                                                                      Start time:09:03:45
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\SysWOW64\cmd.exe
                                                                                      Imagebase:0x1c0000
                                                                                      File size:236'544 bytes
                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_Remcos, Description: Yara detected Remcos RAT, Source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: Windows_Trojan_Remcos_b296e965, Description: unknown, Source: 0000001C.00000002.3387760105.0000000005950000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 0000001C.00000002.3387133385.000000000534C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Has exited:false

                                                                                      Target ID:29
                                                                                      Start time:09:03:45
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff66e660000
                                                                                      File size:862'208 bytes
                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:false

                                                                                      Target ID:33
                                                                                      Start time:09:04:04
                                                                                      Start date:21/12/2024
                                                                                      Path:C:\Users\user\AppData\Local\Temp\Demowordpad.exe
                                                                                      Wow64 process (32bit):
                                                                                      Commandline:C:\Users\user\AppData\Local\Temp\Demowordpad.exe
                                                                                      Imagebase:
                                                                                      File size:444'240 bytes
                                                                                      MD5 hash:FEA067901F48A5F1FAF7CA3B373F1A8F
                                                                                      Has elevated privileges:false
                                                                                      Has administrator privileges:false
                                                                                      Programmed in:C, C++ or other language
                                                                                      Has exited:false


                                                                                        Execution Graph

                                                                                        Execution Coverage:0.2%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:48
                                                                                        Total number of Limit Nodes:2

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • Sleep.KERNEL32(000003E8,?,?,00000001,?,0174012A,00000001,?,?,01761078,00000010,017401F6,?), ref: 0173FF5D
                                                                                          • Part of subcall function 01698B48: LocalAlloc.KERNELBASE(00000000,06400000), ref: 01698BA8
                                                                                        • InterlockedCompareExchange.KERNEL32(01773700,?,00000000), ref: 0173FF66
                                                                                        • _amsg_exit.MSVCR80 ref: 0173FF84
                                                                                        • _initterm_e.MSVCR80 ref: 0173FF9F
                                                                                        • InterlockedExchange.KERNEL32(01773700,00000000), ref: 0173FFD0
                                                                                        • Sleep.KERNEL32(000003E8,?,?,00000001,?,0174012A,00000001,?,?,01761078,00000010,017401F6,?), ref: 01740021
                                                                                        • InterlockedCompareExchange.KERNEL32(01773700,00000001,00000000), ref: 0174002B
                                                                                        • _amsg_exit.MSVCR80 ref: 0174003D
                                                                                        • _decode_pointer.MSVCR80(?,?,00000001,?,0174012A,00000001,?,?,01761078,00000010,017401F6,?), ref: 01740051
                                                                                        • _decode_pointer.MSVCR80(?,00000001,?,0174012A,00000001,?,?,01761078,00000010,017401F6,?), ref: 01740060
                                                                                        • _encoded_null.MSVCR80(00000001,?,0174012A,00000001,?,?,01761078,00000010,017401F6,?), ref: 01740072
                                                                                        • _decode_pointer.MSVCR80(?,?,0174012A,00000001,?,?,01761078,00000010,017401F6,?), ref: 01740082
                                                                                        • free.MSVCR80 ref: 0174008F
                                                                                        • _encoded_null.MSVCR80(?,01761078,00000010,017401F6,?), ref: 01740096
                                                                                        • InterlockedExchange.KERNEL32(01773700,00000000), ref: 017400B3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExchangeInterlocked$_decode_pointer$CompareSleep_amsg_exit_encoded_null$AllocLocal_initterm_efree
                                                                                        • String ID: 0M"v
                                                                                        • API String ID: 3563276230-3086592775
                                                                                        • Opcode ID: 2fbc5dd311a2b5a6d9790d75b3f54e228c5a5ea1d0a6b9d69f60820a5cd19a98
                                                                                        • Instruction ID: 9efc411eb2013526a88ae7be6b63950e7e28174afd2e3b868cbd1b69930c9ba5
                                                                                        • Opcode Fuzzy Hash: 2fbc5dd311a2b5a6d9790d75b3f54e228c5a5ea1d0a6b9d69f60820a5cd19a98
                                                                                        • Instruction Fuzzy Hash: A141E775644306DFD730AF69EC84E6AFFA4FB417A1F10841EFA05C6266DB31D4809B92

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • LocalAlloc.KERNELBASE(00000000,06400000), ref: 01698BA8
                                                                                        • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000004,00000080,00000000), ref: 01698C7A
                                                                                        • ReadFile.KERNELBASE(?,00000001,00000000,?,00000000), ref: 01698CE2
                                                                                        • LoadLibraryA.KERNELBASE(00000001), ref: 01698D93
                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,00000000), ref: 01698E01
                                                                                        • VirtualProtect.KERNELBASE(?,?,00000000,00000000), ref: 01698E22
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: FileProtectVirtual$AllocCreateLibraryLoadLocalRead
                                                                                        • String ID:
                                                                                        • API String ID: 2652859266-0
                                                                                        • Opcode ID: 551e7c63052fcfe0101ff07439704a0dda2d7c4436f5002aaf5477e8add607dd
                                                                                        • Instruction ID: 39ff3efab42963fe1dd75d7d9005affc1614f2e1983bfab59cfdad71e88aa788
                                                                                        • Opcode Fuzzy Hash: 551e7c63052fcfe0101ff07439704a0dda2d7c4436f5002aaf5477e8add607dd
                                                                                        • Instruction Fuzzy Hash: 7DD159B5D00219EFCF45CFA8D980A9DBBF9BF08314F20409AE519EB261D731AA91DF14
                                                                                        APIs
                                                                                        • isspace.MSVCR80 ref: 017294E6
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172951D
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01729582
                                                                                        • cvAttrValue.CXCORE099(?,type_id), ref: 017295B3
                                                                                        • cvFindType.CXCORE099(00000000), ref: 01729605
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01729613
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01729669
                                                                                        • cvSeqPush.CXCORE099(?,00000000), ref: 0172969A
                                                                                        • cvGetFileNode.CXCORE099(?,?,?,00000001), ref: 017296AB
                                                                                        • cvGetErrStatus.CXCORE099 ref: 017296B5
                                                                                        • cvGetErrStatus.CXCORE099 ref: 017296D8
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01729721
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01729783
                                                                                        • cvSeqPush.CXCORE099(?,00000000), ref: 01729796
                                                                                        • isdigit.MSVCR80 ref: 017297C1
                                                                                        • isdigit.MSVCR80 ref: 017297DA
                                                                                        • isalnum.MSVCR80 ref: 017297F9
                                                                                        • isdigit.MSVCR80 ref: 01729831
                                                                                        • isdigit.MSVCR80 ref: 0172984F
                                                                                        • strtol.MSVCR80 ref: 0172986E
                                                                                        • strtod.MSVCR80 ref: 0172988C
                                                                                        • isalpha.MSVCR80 ref: 017298A5
                                                                                        • cvGetErrStatus.CXCORE099 ref: 017298CB
                                                                                        • isalnum.MSVCR80 ref: 01729942
                                                                                        • isspace.MSVCR80 ref: 01729977
                                                                                        • strtol.MSVCR80 ref: 017299B8
                                                                                        • isalnum.MSVCR80 ref: 01729A15
                                                                                        • sprintf.MSVCR80 ref: 01729D8E
                                                                                        • cvError.CXCORE099(FFFFFF2C,icvXMLParseValue,?,.\cxpersistence.cpp,000007A2), ref: 01729DAD
                                                                                        • cvMemStorageAllocString.CXCORE099(?,?,?), ref: 01729E00
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01729E12
                                                                                        • cvError.CXCORE099(000000FF,icvXMLParseValue,Inner function failed.,.\cxpersistence.cpp,00000720), ref: 01729ECA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Status$isdigit$isalnum$ErrorPushisspacestrtol$AllocAttrFileFindNodeStorageStringTypeValueisalphamallocsprintfstrtod
                                                                                        • String ID: "$%s(%d): %s$.\cxpersistence.cpp$Closing " is expected$Directive tags are not allowed here$Empty tags are not supported$Inner function failed.$Invalid character in the symbol entity name$Invalid numeric value (inconsistent explicit type specification?)$Invalid numeric value in the string$Literal " is not allowed within a string. Use &quot;$Literal ' or > are not allowed. Use &apos; or &gt;$Map element should have a name$Mismatched closing tag$Sequence element should not have name (use <_></_>)$The actual type is different from the specified type$There should be space between literals$Too long string literal$amp$apos$icvXMLParseValue$map$quot$seq$str$type_id
                                                                                        • API String ID: 3112902832-1733747330
                                                                                        • Opcode ID: da61fc11bd4f90571c328639ea584d4615f4ccd7d6d54b90462034e0b1b46dde
                                                                                        • Instruction ID: 724f7026d98821dc07925b8040457a81fb5cba6d90b0e98e0ba3675d1c15cace
                                                                                        • Opcode Fuzzy Hash: da61fc11bd4f90571c328639ea584d4615f4ccd7d6d54b90462034e0b1b46dde
                                                                                        • Instruction Fuzzy Hash: A46247B2E083719BE7218E3CC850767FBE5AB8130CF4C455DEB859B292E631D946C792
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvCalcCovarMatrix,NULL vec pointer,.\cxmatmul.cpp,000009B4), ref: 0170021A
                                                                                        • cvGetMat.CXCORE099(?,?,00000000,00000000), ref: 01700235
                                                                                          • Part of subcall function 0169E130: cvError.CXCORE099(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 0169E4BC
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01700243
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvGetMat.CXCORE099(?,?,00000000,00000000), ref: 01700261
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0170026F
                                                                                        • cvError.CXCORE099(000000FF,cvCalcCovarMatrix,Inner function failed.,.\cxmatmul.cpp,000009B7), ref: 0170028E
                                                                                        • cvError.CXCORE099(FFFFFF33,cvCalcCovarMatrix,Covariation matrix and average vector should have the same types,.\cxmatmul.cpp,000009BB), ref: 017002C4
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvCalcCovarMatrix,The format of input vectors is not supported,.\cxmatmul.cpp,00000A6E), ref: 01700953
                                                                                        • cvFree_.CXCORE099(?), ref: 01700CBF
                                                                                        • cvReleaseMat.CXCORE099(?,?), ref: 01700CCC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$Free_Releasemalloc
                                                                                        • String ID: $.\cxmatmul.cpp$All input vectors and average vector must have the same size$All input vectors must have the same type$All vectors must have a single channel$Covariation matrix and average vector should have the same types$Covariation matrix must be 32fC1 or 64fC1$Covariation matrix must be square$Inner function failed.$NULL vec pointer$The format of input vectors is not supported$The number of input vectors does not match to avg vector size$The number of vectors is zero or negative$The size of input vectors does not match with the size of covariation matrix$The vector count and covariance matrix size do not match$cvCalcCovarMatrix
                                                                                        • API String ID: 1144712305-2216315964
                                                                                        • Opcode ID: d3aa84b6a1e1979d0694b7555d6b893133a1d93cbb42c83df2d659b82ded0d23
                                                                                        • Instruction ID: a26de16b44d146a218055411a66e43a94eaae0a103ea4924a318bb50220a21a1
                                                                                        • Opcode Fuzzy Hash: d3aa84b6a1e1979d0694b7555d6b893133a1d93cbb42c83df2d659b82ded0d23
                                                                                        • Instruction Fuzzy Hash: 0872C9B1A08301DFD721DF18D890A2BFBE5FB85760F108A5DF5909B296D771E851CB82

                                                                                        Control-flow Graph

                                                                                        APIs
                                                                                        • cvAlloc.CXCORE099(?), ref: 0172C3B0
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172C3BC
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvStartReadSeq.CXCORE099(?,?,00000000), ref: 0172C3D6
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0172C41F
                                                                                        • cvStartWriteStruct.CXCORE099(?,?,00000006,opencv-graph,00000000,00000000), ref: 0172C44A
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172C452
                                                                                        • cvError.CXCORE099(000000FF,icvWriteGraph,Inner function failed.,.\cxpersistence.cpp,00001198), ref: 0172C5F5
                                                                                        • cvStartWriteStruct.CXCORE099(?,vertices,0000000D,00000000,00000000,00000000), ref: 0172C6D3
                                                                                        • cvStartReadSeq.CXCORE099(?,?,00000000,?,vertices,0000000D,00000000,00000000,00000000), ref: 0172C6E0
                                                                                        • memcpy.MSVCR80(?,?,?), ref: 0172C758
                                                                                        • cvWriteRawData.CXCORE099(?,00000000,?,?), ref: 0172C779
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0172C79D
                                                                                        • cvWriteRawData.CXCORE099(?,00000000,00000000,?), ref: 0172C7CD
                                                                                        • cvEndWriteStruct.CXCORE099(?), ref: 0172C7DA
                                                                                        • cvEndWriteStruct.CXCORE099(?), ref: 0172C7FB
                                                                                        • cvStartReadSeq.CXCORE099(?,?,00000000,?), ref: 0172C80C
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0172C847
                                                                                        • cvFree_.CXCORE099(?), ref: 0172C860
                                                                                        • cvFree_.CXCORE099(?,?), ref: 0172C86A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Write$Start$Struct$BlockChangeRead$DataFree_Status$AllocErrormallocmemcpy
                                                                                        • String ID: %08x$.\cxpersistence.cpp$2if%s$Inner function failed.$edge_count$edge_dt$edges$flags$icvWriteGraph$opencv-graph$vertex_count$vertex_dt$vertices
                                                                                        • API String ID: 3464137964-881343473
                                                                                        • Opcode ID: 468d83250f551410767561841ccbe4db65d5cb466824b151eb967293cd7ecac6
                                                                                        • Instruction ID: 99d006eed7f3462c48d5abc11dc9ef7a1823ef36e2ff366d9d7520d21b3cafb9
                                                                                        • Opcode Fuzzy Hash: 468d83250f551410767561841ccbe4db65d5cb466824b151eb967293cd7ecac6
                                                                                        • Instruction Fuzzy Hash: 54E19CB16083129FD315DF58C880A6FF7E9EFA8704F10491DFA8997241EB71E9468B92
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016FE177
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016FE182
                                                                                        • cvError.CXCORE099(000000FF,cvGEMM,Inner function failed.,.\cxmatmul.cpp,0000028F), ref: 016FE1A1
                                                                                        • cvError.CXCORE099(000000E8,cvGEMM,0174124F,.\cxmatmul.cpp,00000280), ref: 016FE1C9
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016FE1FF
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016FE20A
                                                                                        • cvError.CXCORE099(000000E8,cvGEMM,0174124F,.\cxmatmul.cpp,000002A0), ref: 016FE238
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016FE26C
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016FE279
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016FE2DE
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016FE2E9
                                                                                        • cvError.CXCORE099(FFFFFF33,cvGEMM,0174124F,.\cxmatmul.cpp,000002A4), ref: 016FE338
                                                                                        • cvError.CXCORE099(FFFFFF2F,cvGEMM,0174124F,.\cxmatmul.cpp,000002A8), ref: 016FE38C
                                                                                        • cvTranspose.CXCORE099(?,00000000), ref: 016FE3A9
                                                                                        • cvError.CXCORE099(FFFFFF2F,cvGEMM,0174124F,.\cxmatmul.cpp,000002C9), ref: 016FE475
                                                                                        • cvError.CXCORE099(FFFFFF2F,cvGEMM,0174124F,.\cxmatmul.cpp,000002D0), ref: 016FE4BA
                                                                                        • cvError.CXCORE099(FFFFFF2F,cvGEMM,0174124F,.\cxmatmul.cpp,000002D7), ref: 016FE4FB
                                                                                        • cvError.CXCORE099(FFFFFF2F,cvGEMM,0174124F,.\cxmatmul.cpp,000002DE), ref: 016FE53C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$Transpose
                                                                                        • String ID: .\cxmatmul.cpp$Inner function failed.$cvGEMM
                                                                                        • API String ID: 3014044127-1641548190
                                                                                        • Opcode ID: 7370e5b3bbe39077f6b5216adb95448e27e1d86217ecbf932b0ab5a7d369d173
                                                                                        • Instruction ID: 0d4c9f40b6fd49e70d3aae69c82d66e0fa382e5006f78e0a677cbecd0f8b59bf
                                                                                        • Opcode Fuzzy Hash: 7370e5b3bbe39077f6b5216adb95448e27e1d86217ecbf932b0ab5a7d369d173
                                                                                        • Instruction Fuzzy Hash: 5923B1B2A00209DFCB14CF48D98469C7BB5FF48354F26455CEA1AA7365EB32E865CF90
                                                                                        APIs
                                                                                        • cvMinMaxLoc.CXCORE099(?,?,?,00000000,00000000,?), ref: 0173E543
                                                                                        • cvError.CXCORE099(000000FB,cvNormalize,Unknown/unsupported norm type,.\cxutils.cpp,00000203), ref: 0173E5B6
                                                                                        • _CIsqrt.MSVCR80 ref: 0173E6D0
                                                                                        • cvReleaseMat.CXCORE099(00000000), ref: 0173E86F
                                                                                        • _CIsqrt.MSVCR80 ref: 0173E8DE
                                                                                        • cvNorm.CXCORE099(?,00000000,?,?), ref: 0173EA85
                                                                                        • cvConvertScale.CXCORE099(?,01703518,?,?,?,?,?,?,00000000,?), ref: 0173EAC3
                                                                                        • cvGetMat.CXCORE099(01703518,?,00000000,00000000,?,?,00000000,?), ref: 0173EADE
                                                                                        • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,00000000,?), ref: 0173EAEA
                                                                                        • cvCreateMat.CXCORE099(?,00000002,?,?,?,?,?,?,?,00000000,?), ref: 0173EB09
                                                                                        • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,?,?,00000000,?), ref: 0173EB15
                                                                                        • cvError.CXCORE099(000000FF,cvNormalize,Inner function failed.,.\cxutils.cpp,0000020B,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0173EB34
                                                                                        • cvConvertScale.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0173EB59
                                                                                        • cvCopy.CXCORE099(?,01703518,?,?,?), ref: 0173EB65
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConvertErrorIsqrtScaleStatus$CopyCreateNormRelease
                                                                                        • String ID: .\cxutils.cpp$Inner function failed.$Unknown/unsupported norm type$cvNormalize
                                                                                        • API String ID: 3894548046-3038725888
                                                                                        • Opcode ID: 9bef86923a976dc6198a55c934d65d20303ed30d69b64ad95de6491387fc45c2
                                                                                        • Instruction ID: e9f2c27bfada1c68fe6a601b9c8a1fe816170ac985a70ef11d8557a9f2d3921f
                                                                                        • Opcode Fuzzy Hash: 9bef86923a976dc6198a55c934d65d20303ed30d69b64ad95de6491387fc45c2
                                                                                        • Instruction Fuzzy Hash: 121242B2E001059BDB13AE04D9987ADFBA4FBC5740F614D98D5829226BFF31D9648FC1
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: memset$Isqrt$__alloca_probe_16
                                                                                        • String ID:
                                                                                        • API String ID: 374455506-0
                                                                                        • Opcode ID: 7a0246b2b7f853d21cb24337b471fae9d27c4056b89eb0219a421f85487d597b
                                                                                        • Instruction ID: f1a5901a914b1aaed3edf67113a9af353c877cb8dad51c3f60981e8351157142
                                                                                        • Opcode Fuzzy Hash: 7a0246b2b7f853d21cb24337b471fae9d27c4056b89eb0219a421f85487d597b
                                                                                        • Instruction Fuzzy Hash: 940383B2E01109DFCB06AF14D5886DCBBB4FF44354F624988E955A72AAF7329964CFC0
                                                                                        APIs
                                                                                        • IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0
                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 005230BA
                                                                                        • GetProcAddress.KERNEL32(00000000,InterlockedPushEntrySList), ref: 005230D4
                                                                                        • GetProcAddress.KERNEL32(00000000,InterlockedPopEntrySList), ref: 005230E1
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000008,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523113
                                                                                        • HeapAlloc.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523116
                                                                                        • InterlockedCompareExchange.KERNEL32(?,00000000,00000000), ref: 0052312A
                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000), ref: 00523136
                                                                                        • HeapFree.KERNEL32(00000000,?,?,?,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405), ref: 00523139
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$AddressProcProcess$AllocCompareExchangeFeatureFreeInterlockedLibraryLoadPresentProcessor
                                                                                        • String ID: InterlockedPopEntrySList$InterlockedPushEntrySList$kernel32.dll
                                                                                        • API String ID: 3830925854-2586642590
                                                                                        • Opcode ID: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
                                                                                        • Instruction ID: 6a309bd71f26a8b6476057eaf9253ffddd2ea6d6ddf4b4a8f55772e675858cee
                                                                                        • Opcode Fuzzy Hash: 045a139df42147dc29b3cf1c1bb3d0180b322a35e46f72030a23bd9566d498ff
                                                                                        • Instruction Fuzzy Hash: 7E11B276610228AFE7209F69FC899177FACFF66B51B008419F605C3250D7389814EB60
                                                                                        APIs
                                                                                        • IsDebuggerPresent.KERNEL32 ref: 0052439E
                                                                                        • _crt_debugger_hook.MSVCR80(00000001), ref: 005243AB
                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005243B3
                                                                                        • UnhandledExceptionFilter.KERNEL32(00575E58), ref: 005243BE
                                                                                        • _crt_debugger_hook.MSVCR80(00000001), ref: 005243CF
                                                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 005243DA
                                                                                        • TerminateProcess.KERNEL32(00000000), ref: 005243E1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ExceptionFilterProcessUnhandled_crt_debugger_hook$CurrentDebuggerPresentTerminate
                                                                                        • String ID: !ME
                                                                                        • API String ID: 3369434319-2242867602
                                                                                        • Opcode ID: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
                                                                                        • Instruction ID: 39ba21fb788a80fe4ca9cc942bdb85b36a6e35659692cabfea893639d5bd73cc
                                                                                        • Opcode Fuzzy Hash: fa064457d980cb34010aba6a9c8ddec48f34fb03e7b2cf8e25b020562b0318d8
                                                                                        • Instruction Fuzzy Hash: 9521B0B4901214DFE700DF69FD4E6457BB4FB2A308F10441AF508877A0E7B0568DAF15
                                                                                        APIs
                                                                                        • GetSystemInfo.KERNEL32(?,?,00000000), ref: 0173D5FF
                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\,00000000,00000001,?), ref: 0173D65B
                                                                                        • RegQueryValueExA.ADVAPI32(?,~MHz,00000000,00000000,?,?), ref: 0173D67B
                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0173D69F
                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,00000000), ref: 0173D73F
                                                                                        Strings
                                                                                        • ~MHz, xrefs: 0173D675
                                                                                        • HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\, xrefs: 0173D636
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Query$CloseFrequencyInfoOpenPerformanceSystemValue
                                                                                        • String ID: HARDWARE\DESCRIPTION\SYSTEM\CentralProcessor\0\$~MHz
                                                                                        • API String ID: 3168753991-3803085211
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocFree___alloca_probe_16
                                                                                        • String ID:
                                                                                        • API String ID: 2673625120-3916222277
                                                                                        APIs
                                                                                        • FindResourceW.KERNEL32(00000000,0047AE1E,00000006,?,0047AE1E), ref: 00488A3B
                                                                                        • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A4A
                                                                                        • SizeofResource.KERNEL32(00000000,00000000,?,0047AE1E), ref: 00488A5A
                                                                                        • GetLastError.KERNEL32(?,0047AE1E), ref: 00488A67
                                                                                        • GetLastError.KERNEL32(000000FF,00000000,00000000,00000000,00000000,00000000,?,0047AE1E), ref: 00488AA8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorLast$Resource$FindSizeof
                                                                                        • String ID:
                                                                                        • API String ID: 1187693681-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: __alloca_probe_16
                                                                                        • String ID:
                                                                                        • API String ID: 1700504859-0
                                                                                        APIs
                                                                                        • GetLastError.KERNEL32(?,0050F176,00000000,?,?,?,?,?,?,D8A7CFFC), ref: 004B7929
                                                                                        • FormatMessageW.KERNEL32(00001100,00000000,00000000,00000400,00000000,00000000,00000000), ref: 004B7951
                                                                                          • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                          • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                        • GlobalFree.KERNEL32(00000000), ref: 004B797D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFormatFreeGlobalLastMessagefflushfwprintf
                                                                                        • String ID: Error %lu(%XH): %s
                                                                                        • API String ID: 800684769-2225916613
                                                                                        APIs
                                                                                          • Part of subcall function 00416650: FindClose.KERNEL32(55C35DE5,00000000,?,004164B1,00000000,000001E2,-0000012B), ref: 00416686
                                                                                        • lstrlenW.KERNEL32(00000000,00000000,000001E2), ref: 004164C4
                                                                                        • FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                        • GetFullPathNameW.KERNEL32(00000000,00000104,?,00000000), ref: 0041652C
                                                                                        • SetLastError.KERNEL32(0000007B), ref: 0041654D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Find$CloseErrorFileFirstFullLastNamePathlstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 333540133-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: __alloca_probe_16
                                                                                        • String ID:
                                                                                        • API String ID: 1700504859-0
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Versionmemset
                                                                                        • String ID: Z
                                                                                        • API String ID: 3136939366-1505515367
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        APIs
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • CoCreateInstance.OLE32(?,00000000,00000001,00571980,00000000,?,?,0056F520,D8A7CFFC,?,?,?,?,00000000,005334CC,000000FF), ref: 004B21C6
                                                                                        Strings
                                                                                        • CGraphMgr::AddFilterByCLSID name=%s, xrefs: 004B214A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$CreateInstanceclock
                                                                                        • String ID: CGraphMgr::AddFilterByCLSID name=%s
                                                                                        • API String ID: 918117742-3942708501
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: memset
                                                                                        • String ID:
                                                                                        • API String ID: 2221118986-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: __alloca_probe_16
                                                                                        • String ID:
                                                                                        • API String ID: 1700504859-0
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000000,00416AB4,00523168,00416AB4,0041507C,00415062,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 00523087
                                                                                        • HeapFree.KERNEL32(00000000,?,00415062,00416AB4,?,00416AB4,?,?,?,?), ref: 0052308E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Heap$FreeProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3859560861-0
                                                                                        • Opcode ID: 441a53b93ebf16eed188891ea13d12f94a6ae03e7d81ddeafca47d4340301828
                                                                                        • Instruction ID: f319b3c51e495ac70aa74a2a88efa86c29433e891e0bee9a04cda8eb8d13ba05
                                                                                        • Opcode Fuzzy Hash: 441a53b93ebf16eed188891ea13d12f94a6ae03e7d81ddeafca47d4340301828
                                                                                        • Instruction Fuzzy Hash: D1D00274914214AFDE11ABA8AE8EA493B7ABF65702F504840F216D61A1D7399848FA21
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aab16ce2c3db185fdd7fbd049f4828fb638d000d0f4949e917ae29bfa617c2bd
                                                                                        • Instruction ID: d766a8cf76a2127536c91b51f50d42d46d277d73c1a8481c2e55ee10a1c0d2e3
                                                                                        • Opcode Fuzzy Hash: aab16ce2c3db185fdd7fbd049f4828fb638d000d0f4949e917ae29bfa617c2bd
                                                                                        • Instruction Fuzzy Hash: 4D1219B7E0461597C316AE14D4151997BB4FB887A0F234E6DE885A23BDFF328D188BC1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d81c3227b5cf1ef9d16a775bca163ec96d60734e12b61bb785696eaef3e0b66d
                                                                                        • Instruction ID: c9d6d0dcaa891f6ec048181bbbd705e16f18145a9a6fa6e8594574a7c05debb4
                                                                                        • Opcode Fuzzy Hash: d81c3227b5cf1ef9d16a775bca163ec96d60734e12b61bb785696eaef3e0b66d
                                                                                        • Instruction Fuzzy Hash: 55D10573F096059BC3019E68D844159BBE5FBC5394F628E6DF482E2269FF32C9148BC6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5679c2e7861cf87a1b5172456ce33160e32285f697dfd790b91074d43ffca4ee
                                                                                        • Instruction ID: bcff26ea647fb77af292ad0b2ba6f226688b1e02be05319b733cab3b8c15a9b7
                                                                                        • Opcode Fuzzy Hash: 5679c2e7861cf87a1b5172456ce33160e32285f697dfd790b91074d43ffca4ee
                                                                                        • Instruction Fuzzy Hash: 9EC1C072601B278BDB188E7CCCA03BA77A0FF50308F09463DE9569B399D7719959CB84
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5c0604362d31509736918f76aa38d052e34dcdd4ee755d38747f33e60fec0d20
                                                                                        • Instruction ID: 250d00fda9d050c77f904ead85e1e5eeb0d7d3afa3e4b1788d108a136e491897
                                                                                        • Opcode Fuzzy Hash: 5c0604362d31509736918f76aa38d052e34dcdd4ee755d38747f33e60fec0d20
                                                                                        • Instruction Fuzzy Hash: 9BC1AE72501B178BDB29CE6CCCE03AA77A0FF50308F09463CE9569B399D7319959CB84
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 06d6263df1ed89ec59fedd77ec08d62d5e41fdd4f7e1a9b51843889322b73e64
                                                                                        • Instruction ID: 007a967b58f0487dc41937300d3441a80c1d82590c3aa02a1c8e7584a164fcf4
                                                                                        • Opcode Fuzzy Hash: 06d6263df1ed89ec59fedd77ec08d62d5e41fdd4f7e1a9b51843889322b73e64
                                                                                        • Instruction Fuzzy Hash: E1A16A76905B028BD315CE29C84035AFBE2FFC4614F5DCA2CE8854779DE7B4AA468B81
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 35e183c680c9d9e6663acedc847e9a06bb611b285ed50051dd1df25604c35233
                                                                                        • Instruction ID: 6456db795022a0245973773b8ebdbea283bc35c15039fb77f92d73bc42c7d1e8
                                                                                        • Opcode Fuzzy Hash: 35e183c680c9d9e6663acedc847e9a06bb611b285ed50051dd1df25604c35233
                                                                                        • Instruction Fuzzy Hash: B6819072912A234BD728CE3DCE44266BAA2BFC4600F4AC738ED589779CD336DD058785
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d3a27be765601d9d032c3765255d91a3e09f9e06584459f9a07c9b0396e01592
                                                                                        • Instruction ID: a84a4842ea7e7cc5b6e11e8eef0736c6cbfc0c4e744e65084c367b3e87c90013
                                                                                        • Opcode Fuzzy Hash: d3a27be765601d9d032c3765255d91a3e09f9e06584459f9a07c9b0396e01592
                                                                                        • Instruction Fuzzy Hash: 07519173E166118B8718CE7ECD8021BBAD7FFC8221B1EC73CE864576CCDA319A068644
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7df1779b2fadf6e334c2cc11460a9d4014b885aaa22c2dd699add037b86ef28d
                                                                                        • Instruction ID: 82e4b8444c11f0f1584da8bade773713d286d5d210cbd965828530d9158e934b
                                                                                        • Opcode Fuzzy Hash: 7df1779b2fadf6e334c2cc11460a9d4014b885aaa22c2dd699add037b86ef28d
                                                                                        • Instruction Fuzzy Hash: 7D514976A093118FC314CF29C98451BFBE2FFC8214F5A8A6DE884A7359D671ED05CB82
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ae9bd8c0bcdd8bced28dcaccca08f82816ead3290d4357fa44d72c07625ed05f
                                                                                        • Instruction ID: 3f711c8790c573875145bb37d30d59f3c46b92c7ac8e40ec92e6518aee93c0eb
                                                                                        • Opcode Fuzzy Hash: ae9bd8c0bcdd8bced28dcaccca08f82816ead3290d4357fa44d72c07625ed05f
                                                                                        • Instruction Fuzzy Hash: 3E5158716093518FC348CF6CC98466FF7E2BBC8710F558A2DE98587208E738DA49CB92
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1696 419920-419a21 call 415f80 call 4078e0 call 412680 call 418b20 call 418b80 call 418b70 call 416900 FillRect 1712 419a27-419df6 ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z call 415fd0 ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ call 415fb0 ?GetWidth@CxImage@@QBEKXZ * 2 call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ call 415fb0 ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ * 2 call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z call 415fd0 ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 416900 ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z 1696->1712 1713 419dfe-419ffc call 416900 SetBkMode call 416900 GetTextColor call 416900 SetTextColor memset call 4171e0 call 417240 call 417230 call 416900 SelectObject memset * 2 1696->1713 1712->1713 1743 41a007-41a00b 1713->1743 1745 41a057-41a0b6 call 416900 SelectObject call 417200 call 418b40 call 412790 1743->1745 1746 41a00d-41a055 wcslen call 416900 DrawTextW 1743->1746 1766 41a0b8 call 523722 1745->1766 1746->1743 1767 41a0bd-41a0c0 1766->1767
                                                                                        APIs
                                                                                          • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                                          • Part of subcall function 00418B80: CreateSolidBrush.GDI32(D8A7CFFC), ref: 00418B8B
                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 004199CF
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00419A41
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000), ref: 00419A5D
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419A8A
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AA9
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419ABD
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AD9
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419AFB
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B10
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B22
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419B34
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419B58
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419B7A
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419B96
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419BB8
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419BE3
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419BF8
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419C14
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419C28
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419C3F
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419C5D
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419C7F
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419C9E
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419CC1
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?), ref: 00419CEE
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00419D0D
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00419D21
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 00419D40
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00419D55
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419D75
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000), ref: 00419D8A
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000), ref: 00419D9C
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 00419DAE
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00419DC5
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00419DE5
                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 00419E09
                                                                                        • GetTextColor.GDI32(00000000), ref: 00419E18
                                                                                        • SetTextColor.GDI32(00000000,0096681D), ref: 00419E2C
                                                                                        • memset.MSVCR80 ref: 00419ED8
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00419F18
                                                                                        • memset.MSVCR80 ref: 00419F6A
                                                                                        • memset.MSVCR80 ref: 00419FB1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image@@$Height@Width@$C__@@Draw@T@@_Utag$memset$ColorRectText$BrushClientCreateFillModeObjectSelectSolid
                                                                                        • String ID: %$Border$Clip Line$F$Tahoma
                                                                                        • API String ID: 2569125150-2632024743
                                                                                        • Opcode ID: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
                                                                                        • Instruction ID: 6acad93585106d0d29ca26f9a2d8656a706cc7dc15e340c93166a7cfeebd7e9c
                                                                                        • Opcode Fuzzy Hash: fbd3d37cbcfb4a5d345145a4449552b179033964231fac46975376ef3b4c5788
                                                                                        • Instruction Fuzzy Hash: 5F226E709041199FEF18EB68CCA9BEEB7B8FF54304F1441ADE10AA7291DB742A85CF54

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 2873 512040-5123b0 call 416740 call 454c40 call 416740 * 3 call 4cb0f0 call 514880 * 2 call 5149f0 call 4487e0 call 4cb5f0 call 40ee30 call 406880 call 4068a0 CreateDirectoryW call 40ea00 call 416740 call 4167e0 call 4cc140 call 4068a0 CreateDirectoryW call 40ee30 * 2 call 4068a0 CreateDirectoryW call 406880 * 2 call 40ee30 * 2 call 4068a0 CreateDirectoryW call 406880 * 2 ??0CxImage@@QAE@K@Z ?SetFrame@CxImage@@QAEXJ@Z ?SetRetreiveAllFrames@CxImage@@QAEX_N@Z call 4068a0 ?Load@CxImage@@QAE_NPB_WK@Z 2934 5123f0-51247b ?GetNumFrames@CxImage@@QBEJXZ call 40ee30 * 2 call 406880 ?GetNumFrames@CxImage@@QBEJXZ 2873->2934 2935 5123b2-5123eb call 4cc140 call 4166c0 call 406880 * 2 2873->2935 2948 512481-5124c5 call 5234dc 2934->2948 2949 512579-5125a5 call 4a7f40 call 514480 2934->2949 2956 512885-5128aa call 523722 2935->2956 2958 5124d6-5124e2 2948->2958 2960 5125aa-51262f ?GetHeight@CxImage@@QBEKXZ ?GetWidth@CxImage@@QBEKXZ call 4a80f0 ?IncreaseBpp@CxImage@@QAE_NK@Z ?Resample@CxImage@@QAE_NJJHPAV1@@Z call 4068a0 ?Save@CxImage@@QAE_NPB_WK@Z 2949->2960 2961 512577 2958->2961 2962 5124e8-512528 ?SetFrame@CxImage@@QAEXJ@Z call 4068a0 ?Load@CxImage@@QAE_NPB_WK@Z ?GetFrameDelay@CxImage@@QBEKXZ 2958->2962 2974 512631-51264b 2960->2974 2975 51264d 2960->2975 2961->2960 2969 512539-512572 call 514480 2962->2969 2970 51252a-512536 call 4a7f40 2962->2970 2969->2958 2970->2969 2978 512657-51281c call 40ee30 * 2 call 406880 call 4068a0 call 46bd70 call 46bdd0 strcpy call 46bda0 _snprintf call 4068a0 CreateFileW strlen WriteFile CloseHandle call 406880 call 416720 call 4a8520 call 4cc140 call 40ee30 call 4cb300 call 50dc80 call 406880 2974->2978 2975->2978 3013 51283e-512880 call 512c50 call 406880 call 4166c0 call 406880 * 2 2978->3013 3014 51281e-512839 call 4cb300 call 50f480 2978->3014 3013->2956 3014->3013
                                                                                        APIs
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                          • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                                          • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                        • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,?,00000001,\ManyCam,00000000,00569E94,?,00569E90,?,00569E8C,?,00000000,00000000), ref: 0051221A
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0051222B
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00512251
                                                                                          • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                                          • Part of subcall function 004CC140: wcscpy_s.MSVCR80 ref: 004CC168
                                                                                          • Part of subcall function 004CC140: SHFileOperationW.SHELL32(00000000), ref: 004CC1BD
                                                                                        • CreateDirectoryW.KERNEL32(00000000,00000000,?,?,NewEffect,00569EAC,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,D8A7CFFC), ref: 00512270
                                                                                        • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569ED4,640x480,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 005122D0
                                                                                        • CreateDirectoryW.KERNEL32(00000000,?,?,?,?,00569EE8,352x288,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002), ref: 0051234A
                                                                                        • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,D8A7CFFC), ref: 00512372
                                                                                        • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,D8A7CFFC), ref: 00512383
                                                                                        • ?SetRetreiveAllFrames@CxImage@@QAEX_N@Z.CXIMAGECRT(00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,D8A7CFFC), ref: 00512390
                                                                                        • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,D8A7CFFC), ref: 005123A6
                                                                                        • ~_Mpunct.LIBCPMTD ref: 005123C8
                                                                                          • Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
                                                                                          • Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB
                                                                                        • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C,?,00000000,00000000,00000002,D8A7CFFC), ref: 005123F6
                                                                                        • ?GetNumFrames@CxImage@@QBEJXZ.CXIMAGECRT(?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000,?,00569E90,?,00569E8C), ref: 00512474
                                                                                        • ?SetFrame@CxImage@@QAEXJ@Z.CXIMAGECRT(00000000,00000000,00000002,D8A7CFFC), ref: 005124F5
                                                                                        • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,D8A7CFFC), ref: 0051250B
                                                                                        • ?GetFrameDelay@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000002,D8A7CFFC), ref: 00512516
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000,00000000), ref: 005125AD
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000,00000000,00000001,00000000), ref: 005125B6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image@@$AllocatorDebugHeap$CreateDirectoryFrames@$Frame@Load@$Delay@DestroyDestroy@FileFolderFrameHeight@MpunctOperationPathRetreiveSpecialWidth@_wmkdirwcscpy_s
                                                                                        • String ID: .mce$352x288$640x480$InternalProperties$NewEffect$\ManyCam$blocked=0type_id=%dcategory_name=%screator_info=preview=%s$preview.jpg$preview.jpg
                                                                                        • API String ID: 2719232945-3254136489
                                                                                        • Opcode ID: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                                        • Instruction ID: 9b3459efdfe137e0bd21340dd663e66a4f958181f4942486322fc66185ab85f6
                                                                                        • Opcode Fuzzy Hash: edb56aa18bfe84e8b2a6fcb1c4672e86fafff6400bd075d5d8bb305b2034b014
                                                                                        • Instruction Fuzzy Hash: D43219B19002599BDB24EB65CC95BEEBBB8BF44304F0041EDE509A7282DB746F84CF95
                                                                                        APIs
                                                                                          • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                                          • Part of subcall function 00418B80: CreateSolidBrush.GDI32(D8A7CFFC), ref: 00418B8B
                                                                                        • FillRect.USER32(00000000,?,00000000), ref: 0040910F
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000), ref: 00409152
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040917C
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409191
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091BC
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004091DB
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409212
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409231
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0040924D
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00409269
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000,00000000,00000000,00000000), ref: 00409287
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006,00000006,00000000,000000E8,00000000), ref: 004092A3
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8,00000000,00000000,00000000,00000006), ref: 004092C4
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,005952B0,00000000,00000000,00000000,?,00000006,00000000,000000E8,00000000,00000000,00000000,-00000006,00000006,?,000000E8), ref: 004092E7
                                                                                        • memset.MSVCR80 ref: 00409647
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 00409676
                                                                                        • SetTextColor.GDI32(00000000,00945121), ref: 0040968D
                                                                                          • Part of subcall function 00415F90: CopyRect.USER32(?,004093A8), ref: 00415F9F
                                                                                        • DrawTextW.USER32(00000000,00000000,00000000,00000018,00000020), ref: 004096E4
                                                                                        • SelectObject.GDI32(00000000,?), ref: 004096F9
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0040971D
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,000000FF,000000FF,00000000,00000000,?), ref: 0040974D
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@_N@Z.CXIMAGECRT(00000000,?,?,000000FF,000000FF,00000000,00000000,?), ref: 00409770
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image@@$C__@@Draw@Utag$T@@_$Width@$Rect$Height@$ObjectSelectText$BrushClientColorCopyCreateDrawFillSolidU3@_Windowmemset
                                                                                        • String ID: ,$Category:$Created by:$Name:$Select Resource File:$Tahoma$Type:$]$k
                                                                                        • API String ID: 333958392-4118964679
                                                                                        • Opcode ID: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                                        • Instruction ID: c7ad2873c58e454c86f9403bdf801017c004aeaca137986ed775093af6690a25
                                                                                        • Opcode Fuzzy Hash: 57c0907e371b0e5315c579a3b0ab3a5d9bb1bc661649efe18dc397683e395b28
                                                                                        • Instruction Fuzzy Hash: 1712F970900258DFEB24EB64CC59BEEBB74AF55308F1081E9E10A7B291DB746E88CF55
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DFBF8
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DFCA8
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DFD09
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DFD20
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DFD4C
                                                                                        • ??2@YAPAXI@Z.MSVCR80(00000730,Objects,?,00000000,?,00000001,mce;png;gif;bmp;jpg,00000000,00000000,Avatars,Objects,?,Objects,00000000,?,?), ref: 004DFDA6
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DFDDA
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$??2@
                                                                                        • String ID: Avatars$Avatars$Backgrounds$Backgrounds$Backgrounds$Face accessories$Face accessories$Face accessories$Objects$Objects$Objects$Text over video$mce;png;gif;bmp;jpg
                                                                                        • API String ID: 1120120259-206835408
                                                                                        • Opcode ID: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
                                                                                        • Instruction ID: 863c393ab99b281b1a89dc60ed5188a45fcf53b181839f16f77b3e1b5f5f418e
                                                                                        • Opcode Fuzzy Hash: d03f7ad0f4026a635888b16adfd0c88c78ab99df69ea574cede163314c466ec1
                                                                                        • Instruction Fuzzy Hash: B5222BB0D023589ADB64DB69CD45BDEBBB5AB49304F0041DEE009B7282DB745F84CF96
                                                                                        APIs
                                                                                        • cvMakeSeqHeaderForArray.CXCORE099(00000000,00000038,?,?,?,?,?), ref: 016C84ED
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016C84F9
                                                                                        • cvError.CXCORE099(000000FF,cvSeqInsertSlice,Inner function failed.,.\cxdatastructs.cpp,000007E4), ref: 016C8518
                                                                                        • cvError.CXCORE099(FFFFFF2F,cvSeqInsertSlice,Sizes of source and destination sequences' elements are different,.\cxdatastructs.cpp,000007E9), ref: 016C854F
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvSeqInsertSlice,0174124F,.\cxdatastructs.cpp,000007F5), ref: 016C85B7
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvSeqPushMulti.CXCORE099(?,00000000,?,00000001), ref: 016C85DC
                                                                                        • cvStartReadSeq.CXCORE099(?,?,00000000,?,00000000,?,00000001), ref: 016C85E9
                                                                                        • cvStartReadSeq.CXCORE099(?,?,00000000,?,?,00000000,?,00000000,?,00000001), ref: 016C85F6
                                                                                        • cvSetSeqReaderPos.CXCORE099(?,?,00000000,?,?,00000000,?,?,00000000,?,00000000,?,00000001), ref: 016C8607
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 016C8690
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 016C86AF
                                                                                        • cvStartReadSeq.CXCORE099(?,?,00000000), ref: 016C87DB
                                                                                        • cvSetSeqReaderPos.CXCORE099(?,?,00000000,?,?,00000000), ref: 016C87E8
                                                                                        • cvError.CXCORE099(000000FB,cvSeqInsertSlice,The source array must be 1d coninuous vector,.\cxdatastructs.cpp,000007DF), ref: 016C88D7
                                                                                        • cvError.CXCORE099(000000FB,cvSeqInsertSlice,Source is not a sequence nor matrix,.\cxdatastructs.cpp,000007DC), ref: 016C88FF
                                                                                        • cvError.CXCORE099(000000FB,cvSeqInsertSlice,Invalid destination sequence header,.\cxdatastructs.cpp,000007D6), ref: 016C8927
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$ReadStart$BlockChangeReaderStatus$ArrayHeaderMakeMultiPush
                                                                                        • String ID: .\cxdatastructs.cpp$Inner function failed.$Invalid destination sequence header$Sizes of source and destination sequences' elements are different$Source is not a sequence nor matrix$The source array must be 1d coninuous vector$cvSeqInsertSlice
                                                                                        • API String ID: 2355013540-3609423843
                                                                                        • Opcode ID: c0db26740591fd530e58f5686c60f296bd24dc75da81383601e39642b127a089
                                                                                        • Instruction ID: 5dbce31da8cbf0e12923bb5bc24b608cde760448bc7262edba076989f84c56ff
                                                                                        • Opcode Fuzzy Hash: c0db26740591fd530e58f5686c60f296bd24dc75da81383601e39642b127a089
                                                                                        • Instruction Fuzzy Hash: 90D11972A083019BD620DE29DC81B7FB7AAEFD4F10F09052DFA5157386D7B1E90587A2
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvMixChannels,The input array of arrays is NULL,.\cxconvert.cpp,000002F3), ref: 016C0430
                                                                                        • cvErrorFromIppStatus.CXCORE099(00000000,cvMixChannels,OpenCV function failed,.\cxconvert.cpp,0000037C), ref: 016C097C
                                                                                        • cvError.CXCORE099(000000E5,cvMixChannels,The output array of arrays is NULL,.\cxconvert.cpp,000002F6), ref: 016C0457
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(000000E5,cvMixChannels,The array of copied channel indices is NULL,.\cxconvert.cpp,000002FD), ref: 016C0495
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvMixChannels,The data type is not supported by the function,.\cxconvert.cpp,00000379), ref: 016C07F9
                                                                                        • cvFree_.CXCORE099(?), ref: 016C080F
                                                                                        • sprintf.MSVCR80 ref: 016C0911
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvMixChannels,?,.\cxconvert.cpp,00000361), ref: 016C092F
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvMixChannels,The number of output arrays and the number of copied channels must be positive,.\cxconvert.cpp,000002FA), ref: 016C09A3
                                                                                          • Part of subcall function 016D6DF0: malloc.MSVCR80 ref: 016D6E17
                                                                                          • Part of subcall function 016D6DF0: exit.MSVCR80 ref: 016D6E9B
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$Free_Fromexitmallocsprintf
                                                                                        • String ID: .\cxconvert.cpp$All the arrays must have the same bit depth$All the arrays must have the same size$Inner function failed.$OpenCV function failed$The array of copied channel indices is NULL$The data type is not supported by the function$The input array of arrays is NULL$The number of output arrays and the number of copied channels must be positive$The output array of arrays is NULL$channel index #%d in the array of pairs is negative or exceeds the total number of channels in all the %s arrays$cvMixChannels$input$output
                                                                                        • API String ID: 1748436998-3821610722
                                                                                        • Opcode ID: 7e8d1aede1e992d2a79df4430b85ac773a17874ef7a38789c692fd08a4d1c93e
                                                                                        • Instruction ID: e19e65de3aac09e864d1057dc37e1c4dbfb71a939213ddda29ae94ed1788cd28
                                                                                        • Opcode Fuzzy Hash: 7e8d1aede1e992d2a79df4430b85ac773a17874ef7a38789c692fd08a4d1c93e
                                                                                        • Instruction Fuzzy Hash: 641247B5E0020ADFCF24CF99D890AAEB7B5FB58714F25812EE515A7342D770A941CF90
                                                                                        APIs
                                                                                        • cvGetFileNodeByName.CXCORE099(?,?,sizes), ref: 01726087
                                                                                          • Part of subcall function 01722FC0: cvError.CXCORE099(000000E5,cvGetFileNodeByName,Null element name,.\cxpersistence.cpp,0000023E), ref: 0172300D
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01726091
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvGetFileNodeByName.CXCORE099(?,?,0175CBB8), ref: 017260BC
                                                                                        • __alloca_probe_16.LIBCMT ref: 01726129
                                                                                        • cvReadRawData.CXCORE099(?,00000000,?,0175CBFC), ref: 01726138
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01726140
                                                                                        • cvError.CXCORE099(000000FE,icvReadSparseMat,Some of essential matrix attributes are absent,.\cxpersistence.cpp,00000ED4), ref: 01726399
                                                                                          • Part of subcall function 01725320: cvGetErrStatus.CXCORE099(?,?,00000000), ref: 01725340
                                                                                          • Part of subcall function 01725320: cvError.CXCORE099(00000000,icvDecodeSimpleFormat,Inner function failed.,.\cxpersistence.cpp,00000BD7,?,?,00000000), ref: 0172535E
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172615D
                                                                                        • cvGetFileNodeByName.CXCORE099(?,?,data), ref: 0172617A
                                                                                        • cvCreateSparseMat.CXCORE099(?,?,00000000), ref: 017261A0
                                                                                        • cvGetErrStatus.CXCORE099 ref: 017261AB
                                                                                        • __alloca_probe_16.LIBCMT ref: 017261D1
                                                                                        • cvStartReadRawData.CXCORE099(?,00000000,?), ref: 017261E7
                                                                                          • Part of subcall function 017253C0: cvStartReadSeq.CXCORE099(?,?,00000000), ref: 0172540F
                                                                                          • Part of subcall function 017253C0: cvGetErrStatus.CXCORE099 ref: 01725417
                                                                                          • Part of subcall function 017253C0: cvError.CXCORE099(000000FF,cvStartReadRawData,Inner function failed.,.\cxpersistence.cpp,00000C61), ref: 0172543A
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0172625D
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 017262A7
                                                                                        • cvPtrND.CXCORE099(?,?,00000000,00000001,00000000), ref: 017262BA
                                                                                        • cvGetErrStatus.CXCORE099 ref: 017262C4
                                                                                        • cvReadRawDataSlice.CXCORE099(?,?,?,00000000,?), ref: 017262DE
                                                                                        • cvGetErrStatus.CXCORE099 ref: 017262E6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Status$ErrorRead$DataFileNameNode$BlockChangeStart__alloca_probe_16$CreateSliceSparsemalloc
                                                                                        • String ID: .\cxpersistence.cpp$Could not determine sparse matrix dimensionality$Inner function failed.$Some of essential matrix attributes are absent$Sparse matrix data is corrupted$The matrix data is not found in file storage$data$icvReadSparseMat$sizes
                                                                                        • API String ID: 3906617704-2829007588
                                                                                        • Opcode ID: 7e45fd326c7a49843ecd100fecbffe068012a75ab871a438e2fb242868e2cba8
                                                                                        • Instruction ID: 5bcf2ca9da4401336ad66922b729285fde213a594cf03a6cb39886146125c21f
                                                                                        • Opcode Fuzzy Hash: 7e45fd326c7a49843ecd100fecbffe068012a75ab871a438e2fb242868e2cba8
                                                                                        • Instruction Fuzzy Hash: C191FCB1E4032AABDF10DB94DC91FAEF7B9EB04710F14455AFD05BB282D3B4A9428791
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvInitArrayOp,Iterator pointer is NULL,.\cxarray.cpp,000001F3,?,?,?,?,00000000,?,?,00000000), ref: 0169F16C
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(FFFFFF33,cvInitArrayOp,Depth is not the same for all arrays,.\cxarray.cpp,00000224), ref: 0169F271
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvInitArrayOp,Incorrect number of arrays,.\cxarray.cpp,000001ED,?,?,?,?,00000000,?,?,00000000), ref: 0169F597
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxarray.cpp$COI set is not allowed here$Data type is not the same for all arrays$Depth is not the same for all arrays$Dimension sizes are the same for all arrays$Incorrect number of arrays$Inner function failed.$Iterator pointer is NULL$Mask should have 8uC1 or 8sC1 data type$Number of channels is not the same for all arrays$Number of dimensions is the same for all arrays$Some of required array pointers is NULL$cvInitArrayOp
                                                                                        • API String ID: 483703942-3861063226
                                                                                        • Opcode ID: 7037f40d48ab7a6a0b6f78505369971dce9f010fe0a2590bbbe65853b0304699
                                                                                        • Instruction ID: 24469f089475fcda7f3e36daac93e75cca77433f744a7cd9b9c4b13846d8b448
                                                                                        • Opcode Fuzzy Hash: 7037f40d48ab7a6a0b6f78505369971dce9f010fe0a2590bbbe65853b0304699
                                                                                        • Instruction Fuzzy Hash: 9DC186B27443029BCF00EE1DDC91A6ABBD5FBC0664F8506ADF905D7382D370E5458B92
                                                                                        APIs
                                                                                          • Part of subcall function 01723F40: fgets.MSVCR80 ref: 0172403F
                                                                                          • Part of subcall function 01723F40: feof.MSVCR80 ref: 0172406C
                                                                                        • cvGetErrStatus.CXCORE099(00000000), ref: 0172A4B7
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvError.CXCORE099(000000FF,icvXMLParse,Inner function failed.,.\cxpersistence.cpp,00000867,00000000), ref: 0172A4D6
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • sprintf.MSVCR80 ref: 0172A595
                                                                                        • cvError.CXCORE099(FFFFFF2C,icvXMLParse,?,.\cxpersistence.cpp,0000086A), ref: 0172A5B4
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus$feoffgetsmallocsprintf
                                                                                        • String ID: %s(%d): %s$.\cxpersistence.cpp$</opencv_storage> tag is missing$<?xml$<opencv_storage> tag is missing$ASCII$Inner function failed.$Unsupported encoding$Valid XML should start with '<?xml ...?>'$encoding$icvXMLParse$opencv_storage
                                                                                        • API String ID: 1750464417-4093695646
                                                                                        • Opcode ID: 885ca482a51380b12b36fdb41fc5ad1c78a26e0ca323661e3d5d1a6cdc24a078
                                                                                        • Instruction ID: f740484544bdb4ee01af6f2e463acb7a51cdf567de9aa225f361020060a21bfb
                                                                                        • Opcode Fuzzy Hash: 885ca482a51380b12b36fdb41fc5ad1c78a26e0ca323661e3d5d1a6cdc24a078
                                                                                        • Instruction Fuzzy Hash: FD81AFB2E043211FD721DA39CC44B3BF7E9EBD0200F48466DFA42A7685FA70D9468396
                                                                                        APIs
                                                                                        • cvStartWriteStruct.CXCORE099(?,?,00000006,opencv-nd-matrix,00000000,00000000), ref: 0172B47D
                                                                                          • Part of subcall function 01724C10: cvError.CXCORE099(000000FE,cvStartWriteStruct,The file storage is opened for reading,.\cxpersistence.cpp,00000B08), ref: 01724C3C
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172B485
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvGetDims.CXCORE099(?,?), ref: 0172B4A6
                                                                                        • cvStartWriteStruct.CXCORE099(?,sizes,0000000D,00000000,00000000,00000000,?,?), ref: 0172B4BC
                                                                                        • cvWriteRawData.CXCORE099(?,?,00000000,0175CBFC,?,sizes,0000000D,00000000,00000000,00000000,?,?), ref: 0172B4D0
                                                                                        • cvEndWriteStruct.CXCORE099(?,?,?,00000000,0175CBFC,?,sizes,0000000D,00000000,00000000,00000000,?,?), ref: 0172B4D6
                                                                                        • cvGetElemType.CXCORE099(?,?,?,?,00000000,0175CBFC,?,sizes,0000000D,00000000,00000000,00000000,?,?), ref: 0172B4E0
                                                                                        • sprintf.MSVCR80 ref: 0172B509
                                                                                        • cvWriteString.CXCORE099(?,0175CBB8,?,00000000), ref: 0172B540
                                                                                        • cvStartWriteStruct.CXCORE099(?,data,0000000D,00000000,00000000,00000000,?,0175CBB8,?,00000000), ref: 0172B554
                                                                                        • cvInitNArrayIterator.CXCORE099(00000001,?,00000000,?,?,00000000,?,data,0000000D,00000000,00000000,00000000,?,0175CBB8,?,00000000), ref: 0172B571
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172B579
                                                                                        • cvError.CXCORE099(000000FF,icvWriteMatND,Inner function failed.,.\cxpersistence.cpp,00000E15), ref: 0172B598
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Write$Struct$Start$ErrorStatus$ArrayDataDimsElemInitIteratorStringTypemallocsprintf
                                                                                        • String ID: %d%c$.\cxpersistence.cpp$1$Inner function failed.$data$icvWriteMatND$opencv-nd-matrix$sizes
                                                                                        • API String ID: 28600999-2589282724
                                                                                        • Opcode ID: 82f4fda42105391eb600e7e84a219f74f8f1099c3341ac19bfda5660585507dd
                                                                                        • Instruction ID: 00370ba7c613ebb661b0bfdee7bc24ce2ee3069aa88e027baf4032510b76824d
                                                                                        • Opcode Fuzzy Hash: 82f4fda42105391eb600e7e84a219f74f8f1099c3341ac19bfda5660585507dd
                                                                                        • Instruction Fuzzy Hash: 394102B26083113BE765E764DC1AFBFB3ED9F94600F04481DF80997181EAB4A94287A7
                                                                                        APIs
                                                                                        • isalnum.MSVCR80 ref: 0172A0DA
                                                                                        • isalpha.MSVCR80 ref: 0172A155
                                                                                        • isalnum.MSVCR80 ref: 0172A17A
                                                                                        • cvGetHashedKey.CXCORE099(?,?,?,00000001,?,?,?,?,?,0172A5DB,?,?,?,?,?,00000000), ref: 0172A19A
                                                                                        • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,?,?,0172A5DB,?,?,?,?,?,00000000), ref: 0172A1A8
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172A260
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172A297
                                                                                          • Part of subcall function 01722D40: sprintf.MSVCR80 ref: 01722D6E
                                                                                          • Part of subcall function 01722D40: cvError.CXCORE099(FFFFFF2C,icvYMLSkipSpaces,?,.\cxpersistence.cpp,?), ref: 01722D88
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Status$isalnum$ErrorHashedisalphasprintf
                                                                                        • String ID: .\cxpersistence.cpp$Attribute name should be followed by '='$Attribute value should be put into single or double quotes$Closing tag should not contain any attributes$Inner function failed.$Invalid closing tag for <?xml ...$Name should start with a letter or underscore$Tag should start with '<'$There should be space between attributes$Unknown tag type$icvXMLParseTag
                                                                                        • API String ID: 2689614709-3535608320
                                                                                        • Opcode ID: 73201d9cccd921410fa238d81c4f34ef3eb2e521619a6d7c158bd02d0f4ac465
                                                                                        • Instruction ID: d40ce795e73dc18313e29c52c06bfaa027550bd87a395e3869a07923aef83fa7
                                                                                        • Opcode Fuzzy Hash: 73201d9cccd921410fa238d81c4f34ef3eb2e521619a6d7c158bd02d0f4ac465
                                                                                        • Instruction Fuzzy Hash: B5A135B0A483659BE7219E1CDC0472BFBE5AB85300F44486DFA859B743E3B5D5878B83
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016BF1F9
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016BF203
                                                                                        • cvError.CXCORE099(000000FF,cvConvertScale,Inner function failed.,.\cxconvert.cpp,000005FE,?,?,?,00000000), ref: 016BF222
                                                                                        • cvError.CXCORE099(000000E8,cvConvertScale,0174124F,.\cxconvert.cpp,00000601), ref: 016BF24D
                                                                                        • cvGetMat.CXCORE099 ref: 016BF2AB
                                                                                        • cvGetErrStatus.CXCORE099(?,?,?,00000000), ref: 016BF2B5
                                                                                        • cvInitNArrayIterator.CXCORE099(00000002,?,00000000,?,?,00000001), ref: 016BF30B
                                                                                        • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,?,?,00000000), ref: 016BF313
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvConvertScale,0174124F,.\cxconvert.cpp,0000061D), ref: 016BF3A5
                                                                                        • cvNextNArraySlice.CXCORE099(?), ref: 016BF3DA
                                                                                        • cvErrorFromIppStatus.CXCORE099(00000000,cvConvertScale,OpenCV function failed,.\cxconvert.cpp,00000632,?,?,?,?,?,?,?,?,?,?,?), ref: 016BF405
                                                                                        • cvError.CXCORE099(00000000,00000632,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 016BF40E
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvConvertScale,0174124F,.\cxconvert.cpp,0000062C), ref: 016BF441
                                                                                        • cvNextNArraySlice.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 016BF486
                                                                                        • cvCopy.CXCORE099(00000000,00000000,00000000), ref: 016BF4C0
                                                                                          • Part of subcall function 016C2910: memcpy.MSVCR80(?,?,?,00000000,?), ref: 016C2997
                                                                                          • Part of subcall function 016C2910: cvClearSet.CXCORE099(00000000,?,?,?,00000000,?), ref: 016C29AC
                                                                                          • Part of subcall function 016C2910: cvFree_.CXCORE099(00000000,00000000,?), ref: 016C29C6
                                                                                          • Part of subcall function 016C2910: cvGetErrStatus.CXCORE099(?,00000000,?), ref: 016C29D1
                                                                                          • Part of subcall function 016C2910: cvError.CXCORE099(000000FF,cvCopy,Inner function failed.,.\cxcopy.cpp,00000140,?,?,00000000,?), ref: 016C29F0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$Array$NextSlice$ClearCopyFree_FromInitIteratormemcpy
                                                                                        • String ID: .\cxconvert.cpp$Inner function failed.$OpenCV function failed$cvConvertScale
                                                                                        • API String ID: 1556764228-701151955
                                                                                        • Opcode ID: 7fee02214d4038eea5aae127d402cf582adb099dcc7148ad1c2dccae2b95cb90
                                                                                        • Instruction ID: 7f963e5ce3807570b45617f5b3ddfe8a64c1d3c0e0c545f390c46920bbe16906
                                                                                        • Opcode Fuzzy Hash: 7fee02214d4038eea5aae127d402cf582adb099dcc7148ad1c2dccae2b95cb90
                                                                                        • Instruction Fuzzy Hash: 43E146B2B44302ABD7119E5DECC0BA6B7E9EB85310F140AADFA45C33A1E771E4908795
                                                                                        APIs
                                                                                        • wcsncpy.MSVCR80 ref: 00473B72
                                                                                          • Part of subcall function 004749C0: List.LIBCMTD ref: 004749CA
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00473BDF
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00473BF7
                                                                                        • wcsncpy.MSVCR80 ref: 00473C23
                                                                                        • _wtoi.MSVCR80(00000000,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473C46
                                                                                        • _wtoi.MSVCR80(00000000,bold,normal,font-weight,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473CA8
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00473CE4
                                                                                        • memcpy.MSVCR80(00000000,?,00000004,?,?,?,color,font-weight,font-size,font-family,-00000004,00000000,00000000,?,?), ref: 00473D09
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$_wtoiwcsncpy$Listmemcpy
                                                                                        • String ID: Tahoma$bold$bottom$center$color$font-family$font-size$font-weight$left$middle$normal$right$text-align$top$vertical-align
                                                                                        • API String ID: 2887013889-1516497678
                                                                                        • Opcode ID: 788e32562ee1b3e60529b53916602aee49f0928f9813a148764b4366f98aa258
                                                                                        • Instruction ID: 2ca92ed9edc0e43fd755dbe637c67a1d90932da1e7afedfaae36012b12e5aafe
                                                                                        • Opcode Fuzzy Hash: 788e32562ee1b3e60529b53916602aee49f0928f9813a148764b4366f98aa258
                                                                                        • Instruction Fuzzy Hash: 8DB17470600109DFDB04DF65D991AEEBBB4BF14305F10845EE80577392EB38EA59CB65
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?,Dynamic), ref: 004F6C39
                                                                                        • GetFileSize.KERNEL32(000000FF,00000000), ref: 004F6C72
                                                                                        • CloseHandle.KERNEL32(000000FF), ref: 004F6C83
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,?,Dynamic), ref: 004F6CD4
                                                                                        Strings
                                                                                        • The Resource File is corrupted. Please select another., xrefs: 004F6C48
                                                                                        • The Resource File is corrupted. Please select another., xrefs: 004F6D81
                                                                                        • The file size is larger than the maximum allowed (10 Mb)., xrefs: 004F6C89
                                                                                        • Dynamic, xrefs: 004F6C05
                                                                                        • You have selected a file with the size larger than 3Mb., xrefs: 004F6D24
                                                                                        • The Resource File is corrupted. Please select another., xrefs: 004F6CE3
                                                                                        • You have selected an image with the dimension larger than 3000x2000., xrefs: 004F6DDB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$Create$AllocatorCloseDebugHandleHeapSize
                                                                                        • String ID: Dynamic$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$The file size is larger than the maximum allowed (10 Mb).$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                                        • API String ID: 1944681888-4013501048
                                                                                        • Opcode ID: db53ed9e86c52f9cf1fd276464b43294e0c4f6e7b9bf3ea5ce6500d8ea47b909
                                                                                        • Instruction ID: 602c555bb4c1e2a523d70d8c740280473e2c328c7d9138f782ffa9abfa287272
                                                                                        • Opcode Fuzzy Hash: db53ed9e86c52f9cf1fd276464b43294e0c4f6e7b9bf3ea5ce6500d8ea47b909
                                                                                        • Instruction Fuzzy Hash: 27613C70A00258ABDB14EF54DC96BEEBB75FB40314F50465AF91AAB2D0CB34AF81DB44
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 01697624
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01697630
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 01697653
                                                                                          • Part of subcall function 0169E130: cvError.CXCORE099(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 0169E4BC
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0169765F
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvError.CXCORE099(000000FF,cvMul,Inner function failed.,.\cxarithm.cpp,0000055F), ref: 0169767E
                                                                                        • cvError.CXCORE099(000000E8,cvMul,0174124F,.\cxarithm.cpp,00000555), ref: 016976AE
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016976CD
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016976DB
                                                                                        • cvInitNArrayIterator.CXCORE099(00000003,?,00000000,?,?,00000000), ref: 01697742
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0169774A
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvMul,0174124F,.\cxarithm.cpp,00000566), ref: 016977A1
                                                                                        • cvNextNArraySlice.CXCORE099(?), ref: 016977E8
                                                                                        • cvErrorFromIppStatus.CXCORE099(00000000,cvMul,OpenCV function failed,.\cxarithm.cpp,0000056D), ref: 01697813
                                                                                        • cvError.CXCORE099(00000000,0000056D), ref: 0169781C
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvMul,0174124F,.\cxarithm.cpp,000005B3), ref: 016979AF
                                                                                        • cvError.CXCORE099(FFFFFF2F,cvMul,0174124F,.\cxarithm.cpp,00000577), ref: 01697A0A
                                                                                        • cvError.CXCORE099(FFFFFF33,cvMul,0174124F,.\cxarithm.cpp,00000574), ref: 01697A32
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$Array$FromInitIteratorNextSlicemalloc
                                                                                        • String ID: .\cxarithm.cpp$Inner function failed.$OpenCV function failed$cvMul
                                                                                        • API String ID: 2213240858-2665756637
                                                                                        • Opcode ID: 1d300c580c7c18e680c6bece8332c695d22c8ffb5afd2a438d071aa3a617fdee
                                                                                        • Instruction ID: b1f285facbfdbc2d27457b03ed7a2843174c1adef66eeb69a3bdd3631cf15fc1
                                                                                        • Opcode Fuzzy Hash: 1d300c580c7c18e680c6bece8332c695d22c8ffb5afd2a438d071aa3a617fdee
                                                                                        • Instruction Fuzzy Hash: 8CD1FEB2A18301AFDB25DE5CEC91A6BB7A9FBC4710F404A6DF9459B351D370E8408F92
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Backgrounds$Dynamic$Eyebrow$Eyeglasses$Face$Face accessories$Hair$Hats$Objects$Static
                                                                                        • API String ID: 0-1997589367
                                                                                        • Opcode ID: 901aaf5dd029739a1d3c8ae11e8e018cde442a6ffa83023b5c9d53f9021075d0
                                                                                        • Instruction ID: 0d5221454f0c8e7e8b894d99aff3531fa54f2736b105361686d27a0df3d4384b
                                                                                        • Opcode Fuzzy Hash: 901aaf5dd029739a1d3c8ae11e8e018cde442a6ffa83023b5c9d53f9021075d0
                                                                                        • Instruction Fuzzy Hash: AC413B30A042199BCB25DF14D8A5BAB7761BB41708F1405BBB41A5B3D0CB79AEC9CB89
                                                                                        APIs
                                                                                        • cvInitNArrayIterator.CXCORE099(00000001,?,00000000,?,?,00000000,?,00000000,?), ref: 01738233
                                                                                        • cvGetErrStatus.CXCORE099(?,?,?,?,00000000,?), ref: 0173823B
                                                                                        • cvError.CXCORE099(000000FF,cvSum,Inner function failed.,.\cxsumpixels.cpp,000001A4,?,?,?,?,00000000,?), ref: 0173825A
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvSum,The input array must have at most 4 channels,.\cxsumpixels.cpp,000001A8,?,?,?,?,00000000,?), ref: 017382A2
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvSum,0174124F,.\cxsumpixels.cpp,000001B0,?,?,?,?,00000000,?), ref: 017382E5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$ArrayInitIterator
                                                                                        • String ID: .\cxsumpixels.cpp$Inner function failed.$OpenCV function failed$The input array must have at most 4 channels$Unsupported format$cvSum
                                                                                        • API String ID: 2429443112-1319435761
                                                                                        • Opcode ID: 85251ada0c33c90956cdede5d9ccc56a649cbf3d8f1934a434d2d4cea9078b34
                                                                                        • Instruction ID: 2a9eb3571f184422b9e95621458510b28b3902b085e01f0ed6d6a4864db8f22f
                                                                                        • Opcode Fuzzy Hash: 85251ada0c33c90956cdede5d9ccc56a649cbf3d8f1934a434d2d4cea9078b34
                                                                                        • Instruction Fuzzy Hash: 6FC127B2704702A7D720DE99EC8196BF3A4FBC4714F104A6DFA95D3286DB71E4608793
                                                                                        APIs
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvCreateSparseMat,bad number of dimensions,.\cxarray.cpp,00000290), ref: 0169F7A2
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0169F7AA
                                                                                        • cvReleaseSparseMat.CXCORE099(?), ref: 0169F7B8
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorReleaseSparseStatus
                                                                                        • String ID: .\cxarray.cpp$Inner function failed.$NULL <sizes> pointer$bad number of dimensions$cvCreateSparseMat$invalid array data type$one of dimesion sizes is non-positive
                                                                                        • API String ID: 4161171278-1695894728
                                                                                        • Opcode ID: 5bd30d45b75aa86553f4bc8345320e934e451898fb0df6d729c164cd5ca6550d
                                                                                        • Instruction ID: 601870088f4838ac0fc0ad6c85f6954d475ce821c969432da29456945f192658
                                                                                        • Opcode Fuzzy Hash: 5bd30d45b75aa86553f4bc8345320e934e451898fb0df6d729c164cd5ca6550d
                                                                                        • Instruction Fuzzy Hash: 985199B2B443066BDB10AF69EC92F2AB7DCAB50B58F11066DF552EA1C1F7B0E1044685
                                                                                        APIs
                                                                                        • isalpha.MSVCR80 ref: 01727619
                                                                                        • cvError.CXCORE099(000000FB,cvRegisterType,Type name should start with a letter or _,.\cxpersistence.cpp,000012F6), ref: 01727641
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • isalnum.MSVCR80 ref: 0172767A
                                                                                        • cvAlloc.CXCORE099(?), ref: 0172769C
                                                                                        • cvGetErrStatus.CXCORE099 ref: 017276A6
                                                                                        • cvError.CXCORE099(000000FF,cvRegisterType,Inner function failed.,.\cxpersistence.cpp,00001302), ref: 017276C5
                                                                                        • cvError.CXCORE099(000000E5,cvRegisterType,Some of required function pointers (is_instance, release, read or write) are NULL,.\cxpersistence.cpp,000012F2), ref: 0172776E
                                                                                        • cvError.CXCORE099(FFFFFF37,cvRegisterType,Invalid type info,.\cxpersistence.cpp,000012EC), ref: 01727791
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$Allocisalnumisalpha
                                                                                        • String ID: -$.\cxpersistence.cpp$Inner function failed.$Invalid type info$Some of required function pointers (is_instance, release, read or write) are NULL$Type name should contain only letters, digits, - and _$Type name should start with a letter or _$_$_$cvRegisterType
                                                                                        • API String ID: 1547913256-22553919
                                                                                        • Opcode ID: 732908a63a607a091095e1669559d080b0dfc01f81b149abcd2add07542ae568
                                                                                        • Instruction ID: 0e50a22659104ee2f1acc41614fe2cad2941af40d1883137defa383159bfb01a
                                                                                        • Opcode Fuzzy Hash: 732908a63a607a091095e1669559d080b0dfc01f81b149abcd2add07542ae568
                                                                                        • Instruction Fuzzy Hash: 10415BB2A803165BDF249F1DFD51BA6F798AB50324F08427EED0C97292D2B19462C752
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvCreateGraphScanner,Null graph pointer,.\cxdatastructs.cpp,00000D74), ref: 016C91D7
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(000000FD,cvCreateGraphScanner,Assertion: graph->storage != 0 failed,.\cxdatastructs.cpp,00000D76), ref: 016C91FF
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016C9306
                                                                                        • cvReleaseMemStorage.CXCORE099(?), ref: 016C9314
                                                                                        • cvFree_.CXCORE099(00000000,?), ref: 016C931A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus$Free_ReleaseStorage
                                                                                        • String ID: .\cxdatastructs.cpp$Assertion: graph->storage != 0 failed$Inner function failed.$Null graph pointer$cvCreateGraphScanner
                                                                                        • API String ID: 4082972338-2878698368
                                                                                        • Opcode ID: 353fd100b49bb1f086a7dd6cfd0bd9b88d528a188814828d6960b426fd603d8e
                                                                                        • Instruction ID: d57a09f6c1d4bf56a022c35f74335104f77669b5c22e4fd8d4d874222bf332ef
                                                                                        • Opcode Fuzzy Hash: 353fd100b49bb1f086a7dd6cfd0bd9b88d528a188814828d6960b426fd603d8e
                                                                                        • Instruction Fuzzy Hash: AE31E9F2F4430377D700BA7AEC51A2676D6DF60F28F00462DF919D6282FB60D05146AA
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000FB,cvCylDrawCylinder,Invalid parameter.,.\src\cylaux.cpp,0000009A), ref: 00402670
                                                                                          • Part of subcall function 00405340: cvSet.CXCORE099(?,?,?,?,00000000,0040217B), ref: 0040535D
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 004021A7
                                                                                        • _CIcos.MSVCR80 ref: 004021DD
                                                                                        • _CIsin.MSVCR80 ref: 004021EA
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 0040225F
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 004022C4
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 00402325
                                                                                        • _CIsqrt.MSVCR80 ref: 004023DC
                                                                                        • _CIsqrt.MSVCR80 ref: 004023F7
                                                                                        • _CIacos.MSVCR80 ref: 00402431
                                                                                        • cvSet2D.CXCORE099(?,?,?), ref: 00402488
                                                                                        • _CIcos.MSVCR80 ref: 004024E9
                                                                                        • _CIsin.MSVCR80 ref: 00402517
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 00402559
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 004025DA
                                                                                        • cvLine.CXCORE099(?,?,?,?,?), ref: 0040264C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: IcosIsinIsqrt$ErrorIacosLineSet2
                                                                                        • String ID: .\src\cylaux.cpp$Invalid parameter.$cvCylDrawCylinder
                                                                                        • API String ID: 3689646513-1738803442
                                                                                        APIs
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvSolveCubic,Both matrices should be floating-point (single or double precision),.\cxutils.cpp,0000011F), ref: 0173E0E8
                                                                                        • cvError.CXCORE099(FFFFFF37,cvSolveCubic,The matrix of roots must be 1-dimensional vector of 3 elements,.\cxutils.cpp,0000012A), ref: 0173E13A
                                                                                        • cvError.CXCORE099(?,cvSolveCubic,Input parameter is not a valid matrix,.\cxutils.cpp,00000117), ref: 0173E4B6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error
                                                                                        • String ID: .\cxutils.cpp$Both matrices should be floating-point (single or double precision)$Input parameter is not a valid matrix$Output parameter is not a valid matrix$The matrix of coefficients must be 1-dimensional vector of 3 or 4 elements$The matrix of roots must be 1-dimensional vector of 3 elements$cvSolveCubic
                                                                                        • API String ID: 2619118453-785790621
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to tracker context.,.\src\cyltracker.cpp,00000223,?,?,?), ref: 004018F9
                                                                                        • cvError.CXCORE099(000000FB,cvCylGetModelPosition,Null pointer to head config structure.,.\src\cyltracker.cpp,00000226,?,?,?), ref: 00401925
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error
                                                                                        • String ID: .\src\cyltracker.cpp$Null pointer to head config structure.$Null pointer to tracker context.$cvCylGetModelPosition
                                                                                        • API String ID: 2619118453-1894096719
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 0169E4BC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error
                                                                                        • String ID: .\cxarray.cpp$Images with planar data layout should be used with COI selected$Inner function failed.$Input array has NULL data pointer$NULL array pointer is passed$Only continuous nD arrays are supported here$Pixel order should be used with coi == 0$The image has NULL data pointer$The image is interleaved and has over CV_CN_MAX channels$The matrix has NULL data pointer$Unrecognized or unsupported array type$cvGetMat
                                                                                        • API String ID: 2619118453-2064294148
                                                                                        APIs
                                                                                          • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 0041F03F
                                                                                        • FillRect.USER32(00000000,000000FF,00000000), ref: 0041F053
                                                                                        • LoadIconW.USER32(00000000,00000087), ref: 0041F0A1
                                                                                        • DrawIconEx.USER32(00000000,0000000A,0000000A,00529873,0000000A,0000000A,00000000,00000000,00000003), ref: 0041F0D3
                                                                                        • DeleteObject.GDI32(00529873), ref: 0041F0DD
                                                                                        • SetBkMode.GDI32(00000000,00000001), ref: 0041F110
                                                                                        • GetTextColor.GDI32(00000000), ref: 0041F11F
                                                                                        • SetTextColor.GDI32(00000000,00000000), ref: 0041F130
                                                                                        • memset.MSVCR80 ref: 0041F1DA
                                                                                          • Part of subcall function 00417240: CreateFontIndirectW.GDI32(00409661), ref: 0041724B
                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 0041F21A
                                                                                        • memset.MSVCR80 ref: 0041F293
                                                                                        • memset.MSVCR80 ref: 0041F2BA
                                                                                        • wcslen.MSVCR80 ref: 0041F35E
                                                                                        • DrawTextW.USER32(00000000,?,00000000), ref: 0041F385
                                                                                        • SelectObject.GDI32(00000000,?), ref: 0041F39D
                                                                                        Strings
                                                                                        • this codec doesn, xrefs: 0041F27B
                                                                                        • This feature requires a special video codec to function properly. Unfortunately, xrefs: 0041F22B
                                                                                        • Verdana, xrefs: 0041F1A0
                                                                                        • visit the ManyCam website help page , xrefs: 0041F2A0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ColorObjectTextmemset$DrawIconRectSelect$BrushClientCreateDeleteFillFontIndirectLoadModewcslen
                                                                                        • String ID: This feature requires a special video codec to function properly. Unfortunately$Verdana$this codec doesn$visit the ManyCam website help page
                                                                                        • API String ID: 923866622-1098169901
                                                                                        APIs
                                                                                        • cvInitNArrayIterator.CXCORE099(00000001,?,00000000,?,?,00000000), ref: 016C30DE
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016C30E6
                                                                                        • memset.MSVCR80 ref: 016C313C
                                                                                        • cvNextNArraySlice.CXCORE099(?,?,00000000,?), ref: 016C3146
                                                                                        • cvNextNArraySlice.CXCORE099(?,?,40000000,?,?), ref: 016C317E
                                                                                        • cvGetMat.CXCORE099 ref: 016C31E3
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016C31ED
                                                                                        • cvError.CXCORE099(000000FF,cvSetZero,Inner function failed.,.\cxcopy.cpp,000002D0), ref: 016C320C
                                                                                        • cvError.CXCORE099(000000E8,cvSetZero,coi is not supported,.\cxcopy.cpp,000002D2), ref: 016C3239
                                                                                        • memset.MSVCR80 ref: 016C3297
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Array$ErrorNextSliceStatusmemset$InitIterator
                                                                                        • String ID: .\cxcopy.cpp$Inner function failed.$OpenCV function failed$coi is not supported$cvSetZero
                                                                                        • API String ID: 1474594845-3837322588
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000,?,01703518), ref: 017151D9
                                                                                        • cvGetErrStatus.CXCORE099(?,?,?,01703518), ref: 017151E3
                                                                                        • cvError.CXCORE099(000000FF,cvMinMaxLoc,Inner function failed.,.\cxminmaxloc.cpp,0000013D,?,?,?,01703518), ref: 01715202
                                                                                        • cvError.CXCORE099(000000FB,cvMinMaxLoc,0174124F,.\cxminmaxloc.cpp,00000145,?,?,?,?,?,01703518), ref: 01715263
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvGetMat.CXCORE099(?,?,00000000,00000000,?,?,?,?,?,01703518), ref: 017152B5
                                                                                        • cvGetErrStatus.CXCORE099(?,?,?,?,?,?,?,01703518), ref: 017152C1
                                                                                        • cvError.CXCORE099(000000FF,cvMinMaxLoc,Inner function failed.,.\cxminmaxloc.cpp,0000014F,?,?,?,?,?,?,?,01703518), ref: 017152E0
                                                                                        • cvError.CXCORE099(FFFFFF30,cvMinMaxLoc,0174124F,.\cxminmaxloc.cpp,00000152,?,?,?,?,?,?,?,01703518), ref: 0171531A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxminmaxloc.cpp$Inner function failed.$OpenCV function failed$Unsupported format$cvMinMaxLoc
                                                                                        • API String ID: 483703942-3269360779
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2030
                                                                                        • GetTickCount.KERNEL32 ref: 004D2076
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D20A0
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D212D
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D21FB
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D228A
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D22EE
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D2358
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D23CB
                                                                                        • GetTickCount.KERNEL32 ref: 004D23FB
                                                                                        • IsWindow.USER32(?), ref: 004D243D
                                                                                        • PostMessageW.USER32(?,00008190,000000FF,FFFFFFFF), ref: 004D245E
                                                                                        • SendMessageW.USER32(00000000,00008194,00000000,?), ref: 004D249E
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24B5
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D24E2
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        • Couldn't activate item., xrefs: 004D221C
                                                                                        • fUS, xrefs: 004D2447
                                                                                        • CPlayList::ActivateItem (%s) pos=%d reset=%d, xrefs: 004D1F6A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$CountMessageTickclock$AllocatorDebugHeapPostSendWindow
                                                                                        • String ID: CPlayList::ActivateItem (%s) pos=%d reset=%d$Couldn't activate item.$fUS
                                                                                        • API String ID: 2714024287-817954826
                                                                                        • Opcode ID: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
                                                                                        • Instruction ID: cd11fd919a321e88f285589761f8251e1514877f7c039c8d1d7105039d16572d
                                                                                        • Opcode Fuzzy Hash: 72d5d28fb81e9cb43a23bfa0ae115a46047e039f4e0d0dee57b90eda3ef89231
                                                                                        • Instruction Fuzzy Hash: FA027970A00218DFDB14DBA4CD61BEEBBB1AF55308F14819EE5096B382CB746E89CF55
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C878C
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C879B
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87D2
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004C87E1
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        • CManyCamModel::UpdateGraphTopologyOnSourceChange, xrefs: 004C8755
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancellation_token_source::~cancellation_token_source$clock$AllocatorDebugHeap
                                                                                        • String ID: CManyCamModel::UpdateGraphTopologyOnSourceChange
                                                                                        • API String ID: 952932671-1321120180
                                                                                        • Opcode ID: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                                        • Instruction ID: 10940e179f8bca40d99c735d3df1e6ff842ee16e2e5db1de052c77a05b9f2183
                                                                                        • Opcode Fuzzy Hash: 0b90ff5f2a21a3f5109c721d4de8bebc9373ba52e13293d6d0797d08fd4d5099
                                                                                        • Instruction Fuzzy Hash: 5BE13E70D04248DECB04EFA5D961BEEBBB0AF15308F10815FF4166B282EF785A45DB99
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvReshape,0174124F,.\cxarray.cpp,00000C25), ref: 0169E50C
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000001), ref: 0169E53F
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0169E549
                                                                                        • cvError.CXCORE099(000000FF,cvReshape,Inner function failed.,.\cxarray.cpp,00000C2A), ref: 0169E568
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus
                                                                                        • String ID: .\cxarray.cpp$Bad new number of rows$COI is not supported$Inner function failed.$The matrix is not continuous, thus its number of rows can not be changed$The total number of matrix elements is not divisible by the new number of rows$The total width is not divisible by the new number of channels$cvReshape
                                                                                        • API String ID: 1596131371-1083640735
                                                                                        • Opcode ID: 6bb5cf28bb20fb3d1ec59e36cd5898b5bba0d452058e83d649bd8525eaeba1d3
                                                                                        • Instruction ID: f81b399952e356a08f9243e090b6e47ba55fc08e3998097b3dc27b1cde4b64fb
                                                                                        • Opcode Fuzzy Hash: 6bb5cf28bb20fb3d1ec59e36cd5898b5bba0d452058e83d649bd8525eaeba1d3
                                                                                        • Instruction Fuzzy Hash: B46179B2B443105BCB04EB5EECA1D1AF7C4EB94B61F14026EF506EB782E772E94086D5
                                                                                        APIs
                                                                                          • Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
                                                                                          • Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774
                                                                                        • StringFromGUID2.OLE32()K,?,00000040,)K,0056F910,)K,00574DDC), ref: 004B2C30
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: FromStringfflushfwprintf
                                                                                        • String ID: Bit count = %d$Format type = %s$Format type = FORMAT_VideoInfo$Format type = GUID_NULL$Frame size = %dx%d$Major type = %s$Major type = GUID_NULL$Major type = MEDIATYPE_Video$Mediatype info:$Subtype = %s$Subtype = GUID_NULL$Subtype = MEDIASUBTYPE_RGB24$Subtype = MEDIASUBTYPE_RGB32$vids$)K
                                                                                        • API String ID: 2684700382-3987823964
                                                                                        • Opcode ID: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                                        • Instruction ID: 0a30e523ff0296b33be7bff9fb0a9039800934aade4f4bd872009a2dad4e24fd
                                                                                        • Opcode Fuzzy Hash: e2d8f3dbb539b25badfc673ac368b6ee49d21c1c39eb2143ec57eff8d32f1992
                                                                                        • Instruction Fuzzy Hash: A951C870E5420867DB10AF19DC57EDE3B34BF44705F00841AB908A6283EFB4EA59D7BA
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016D6218
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016D6222
                                                                                        • cvGetMat.CXCORE099(?,?,?,00000000), ref: 016D6292
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016D629D
                                                                                        • cvFree_.CXCORE099(?), ref: 016D6573
                                                                                        • __alloca_probe_16.LIBCMT ref: 016D658F
                                                                                        • cvAlloc.CXCORE099(?), ref: 016D65AC
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016D65B7
                                                                                        • cvErrorFromIppStatus.CXCORE099(00000000,cvDCT,OpenCV function failed,.\cxdxt.cpp,00000A8B), ref: 016D66E5
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvDCT,Only 32fC1 and 64fC1 formats are supported,.\cxdxt.cpp,00000A47), ref: 016D672F
                                                                                        • cvFree_.CXCORE099(?), ref: 016D6761
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Status$ErrorFree_$AllocFrom__alloca_probe_16
                                                                                        • String ID: .\cxdxt.cpp$Inner function failed.$Odd-size DCT's are not implemented$Only 32fC1 and 64fC1 formats are supported$OpenCV function failed$cvDCT
                                                                                        • API String ID: 2153135076-221668188
                                                                                        • Opcode ID: f83bbdd0bc63a02921c8188d1798624a9fdec388389f134b6a1d67a374bafb89
                                                                                        • Instruction ID: 9d69a34797a46914456fa9ad57a0f513456de06c471bbdd67a945f62175985b3
                                                                                        • Opcode Fuzzy Hash: f83bbdd0bc63a02921c8188d1798624a9fdec388389f134b6a1d67a374bafb89
                                                                                        • Instruction Fuzzy Hash: 9E126CB1E002199BDF14CFA9CC90AAEBBB5BF58714F14812EE915E7344E770A981CF91
                                                                                        APIs
                                                                                          • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
                                                                                          • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
                                                                                          • Part of subcall function 00403140: cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,0040120F), ref: 00402C98
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,0040120F), ref: 00402CB4
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,0040120F), ref: 00402CD0
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402CEC
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,0040120F), ref: 00402D08
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D24
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402D40
                                                                                        • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D5C
                                                                                        • cvCreateMat.CXCORE099(00000003,00000004,00000005), ref: 00402D78
                                                                                        • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402D94
                                                                                        • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DB0
                                                                                        • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DCC
                                                                                        • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402DE8
                                                                                        • cvCreateMat.CXCORE099(00000003,00000001,00000005), ref: 00402E04
                                                                                        • cvCreateMat.CXCORE099(00000006,00000006,00000005), ref: 00402E20
                                                                                        • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E38
                                                                                        • cvCreateMat.CXCORE099(00000006,00000001,00000005), ref: 00402E50
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00402E68
                                                                                        • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E80
                                                                                        • cvCreateMat.CXCORE099(00000004,00000001,00000005), ref: 00402E98
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create$Image
                                                                                        • String ID:
                                                                                        • API String ID: 1237808576-0
                                                                                        • Opcode ID: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                                        • Instruction ID: 61334a59a6328505146fa154266dd27d5a2e39e93b606410563eabcbac9550f4
                                                                                        • Opcode Fuzzy Hash: ae6bf935b923b4879af12b20d1e7ba834aac778abf3f025c7bd5bd2a014dc142
                                                                                        • Instruction Fuzzy Hash: 225106B0A81B027AF67057719E0BB9326912B26B01F050539BB4DB83C6FBF59521CA99
                                                                                        Strings
                                                                                        • CManyCamGraphMgr::AddCameraInput, xrefs: 004B8995
                                                                                        • Graph creation failed with hr=%X, xrefs: 004B8E3F
                                                                                        • Failed to create the graph with hr=%X, xrefs: 004B8C85
                                                                                        • Destroy the graph for camera %s, xrefs: 004B8B94
                                                                                        • Moniker is NULL., xrefs: 004B89FF
                                                                                        • Creating the graph for camera %s, xrefs: 004B8C3E
                                                                                        • Such camera is already in the list: %s, xrefs: 004B8AC7
                                                                                        • Error: camera name is empty., xrefs: 004B89BB
                                                                                        • Desired frame size is invalid., xrefs: 004B8A49
                                                                                        • Creating new entry for camera %s, xrefs: 004B8D86
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                                        • String ID: CManyCamGraphMgr::AddCameraInput$Creating new entry for camera %s$Creating the graph for camera %s$Desired frame size is invalid.$Destroy the graph for camera %s$Error: camera name is empty.$Failed to create the graph with hr=%X$Graph creation failed with hr=%X$Moniker is NULL.$Such camera is already in the list: %s
                                                                                        • API String ID: 2739697835-1067953073
                                                                                        • Opcode ID: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                                        • Instruction ID: 0c2db78db8441f90a5655b608386306daf3177cd87543fca05d57ae7838a8fe2
                                                                                        • Opcode Fuzzy Hash: 8320536623643fb9a82ccd93883c4b51503a044c0bfe6443a3796fe1dcf3ba29
                                                                                        • Instruction Fuzzy Hash: F5024C70900208EFDB14EF95CC92BEEBBB5BF54304F10415EE5066B2D2DB786A45CBA9
                                                                                        APIs
                                                                                          • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
                                                                                          • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
                                                                                          • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
                                                                                          • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
                                                                                          • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
                                                                                          • Part of subcall function 004032A0: cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326
                                                                                        • cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
                                                                                        • cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
                                                                                        • cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
                                                                                        • cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
                                                                                        • cvReleaseMat.CXCORE099(00000124), ref: 00402F21
                                                                                        • cvReleaseMat.CXCORE099(00000128), ref: 00402F33
                                                                                        • cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
                                                                                        • cvReleaseMat.CXCORE099(00000130), ref: 00402F57
                                                                                        • cvReleaseMat.CXCORE099(00000134), ref: 00402F69
                                                                                        • cvReleaseMat.CXCORE099(00000100), ref: 00402F77
                                                                                        • cvReleaseMat.CXCORE099(00000104), ref: 00402F89
                                                                                        • cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
                                                                                        • cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
                                                                                        • cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
                                                                                        • cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
                                                                                        • cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
                                                                                        • cvReleaseMat.CXCORE099(00000140), ref: 00402FF5
                                                                                        • cvReleaseMat.CXCORE099(00000144), ref: 00403007
                                                                                        • cvReleaseMat.CXCORE099(00000148), ref: 00403019
                                                                                        • cvReleaseMat.CXCORE099(0000014C), ref: 0040302C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Release$Image
                                                                                        • String ID:
                                                                                        • API String ID: 1442443227-0
                                                                                        • Opcode ID: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
                                                                                        • Instruction ID: e9e9c9bdbcc23bd9ce4fc92c64f6ef92138ef717c9158f18fb2c09d524048864
                                                                                        • Opcode Fuzzy Hash: 18739cc84c4e819f13137b706e7aec6c30c3c301381e9e13cdbf496b20ef20f3
                                                                                        • Instruction Fuzzy Hash: 3A415AB1C01B11ABDA70DB60D94EB97B6EC7F01300F44493E914B929D0EB79F658CAA3
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • CoCreateInstance.OLE32(0056F320,00000000,00000001,00571B10,00000000,?,00000000,?,?,D8A7CFFC), ref: 004AF229
                                                                                          • Part of subcall function 004B76D0: fwprintf.MSVCR80 ref: 004B7764
                                                                                          • Part of subcall function 004B76D0: fflush.MSVCR80 ref: 004B7774
                                                                                        • CoCreateInstance.OLE32(0056F2E0,00000000,00000001,00571B40,00000000,00000000,00000000,?,?,D8A7CFFC), ref: 004AF297
                                                                                        Strings
                                                                                        • CGraphMgr::InitInternalInterfaces, xrefs: 004AF1C8
                                                                                        • Creating cature graph builder., xrefs: 004AF26B
                                                                                        • Failed with hr = %X., xrefs: 004AF4DD
                                                                                        • Getting IMediaEventEx interface., xrefs: 004AF41F
                                                                                        • Failed with hr = %X., xrefs: 004AF308
                                                                                        • Creating an instance of IGraphBuilder., xrefs: 004AF1FD
                                                                                        • Failed with hr = %X., xrefs: 004AF3F4
                                                                                        • Failed with hr = %X., xrefs: 004AF23C
                                                                                        • Init cap graph builder., xrefs: 004AF2C1
                                                                                        • Getting IMediaControlInterface., xrefs: 004AF333
                                                                                        • Getting IMediaFilter interface., xrefs: 004AF492
                                                                                        • Failed with hr = %X., xrefs: 004AF46A
                                                                                        • Failed with hr = %X., xrefs: 004AF2AA
                                                                                        • Failed with hr = %X., xrefs: 004AF37E
                                                                                        • Getting IMediaSeeking Interface., xrefs: 004AF3A9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateInstance$AllocatorDebugHeapclockfflushfwprintf
                                                                                        • String ID: CGraphMgr::InitInternalInterfaces$Creating an instance of IGraphBuilder.$Creating cature graph builder.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Failed with hr = %X.$Getting IMediaControlInterface.$Getting IMediaEventEx interface.$Getting IMediaFilter interface.$Getting IMediaSeeking Interface.$Init cap graph builder.
                                                                                        • API String ID: 3340919952-3253057602
                                                                                        • Opcode ID: 9b086fe0cb3031e3bc22e440be552398c93d060f0653d1dd36aa5157d34c403a
                                                                                        • Instruction ID: 91a63dad0f67e3e0232ba0b1807ee47d54ee56e4fdf06e0acade68bce617adf4
                                                                                        • Opcode Fuzzy Hash: 9b086fe0cb3031e3bc22e440be552398c93d060f0653d1dd36aa5157d34c403a
                                                                                        • Instruction Fuzzy Hash: 10A18270E402099BDB04EBD9DC62BBE77B0BF99719F10402EF80677282DB796905C769
                                                                                        APIs
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004A8F0A
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                        • wcscmp.MSVCR80 ref: 004A8F3A
                                                                                        • wcscmp.MSVCR80 ref: 004A8F53
                                                                                        • wcscmp.MSVCR80 ref: 004A8F80
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004A92EC
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004A9304
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004A9324
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$wcscmp$FileFindFirst
                                                                                        • String ID: InternalProperties
                                                                                        • API String ID: 1222566788-1350816593
                                                                                        • Opcode ID: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
                                                                                        • Instruction ID: d461dac8b76a5e630202117bde1037354cd356562fc5738dbdf76f67a61ac83d
                                                                                        • Opcode Fuzzy Hash: c6da74deea4d9cd51fd66fbdb8e43503fd6c04aced2bb07cda00fcb46decaaae
                                                                                        • Instruction Fuzzy Hash: 30F13AB49001199FDB14DF54CC94BAEB7B5BF55304F1085DAEA0AA7381DB34AE88CF68
                                                                                        APIs
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01725555
                                                                                        • cvError.CXCORE099(000000FF,cvReadRawDataSlice,Inner function failed.,.\cxpersistence.cpp,00000C82), ref: 01725574
                                                                                        • cvError.CXCORE099(FFFFFF37,cvReadRawDataSlice,The sequence slice does not fit an integer number of records,.\cxpersistence.cpp,00000CFE), ref: 01725831
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(000000E5,cvReadRawDataSlice,Null pointer to reader or destination array,.\cxpersistence.cpp,00000C7D), ref: 0172587B
                                                                                        • cvError.CXCORE099(?,cvReadRawDataSlice,Invalid pointer to file storage,.\cxpersistence.cpp,00000C7A), ref: 017258A9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxpersistence.cpp$Inner function failed.$Invalid pointer to file storage$Null pointer to reader or destination array$The readed sequence is a scalar, thus len must be 1$The sequence element is not a numerical scalar$The sequence slice does not fit an integer number of records$YAML$cvReadRawDataSlice
                                                                                        • API String ID: 483703942-3949638684
                                                                                        • Opcode ID: 657a92d9fab8de2335ec18e2e1d4f80aa4c362e5091ccb5cac4355151ae3e42e
                                                                                        • Instruction ID: 5703a4a7b2d29a5efe489010918bbcd047487bce96430ab2ae932f66fef8e210
                                                                                        • Opcode Fuzzy Hash: 657a92d9fab8de2335ec18e2e1d4f80aa4c362e5091ccb5cac4355151ae3e42e
                                                                                        • Instruction Fuzzy Hash: DAA12472B49316CBD7108E2DDC516AAF7A5EF80720F240AADFC9AD7381D771C5518B82
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000FB,icvXMLWriteTag,An attempt to add element without a key to a map, or add element with key to sequence,.\cxpersistence.cpp,000008AE,00000000,?,00000000,-00000001,0172B0FB,00000000,00000000), ref: 01724133
                                                                                        • cvError.CXCORE099(000000FB,icvXMLWriteTag,Closing tag should not include any attributes,.\cxpersistence.cpp,000008C4), ref: 017241AE
                                                                                        • cvError.CXCORE099(000000FB,icvXMLWriteTag,A single _ is a reserved tag name,.\cxpersistence.cpp,000008BD,00000000,?,00000000,-00000001,0172B0FB,00000000,00000000), ref: 017241DF
                                                                                        • isalpha.MSVCR80 ref: 017241FA
                                                                                        • cvError.CXCORE099(000000FB,icvXMLWriteTag,Key should start with a letter or _,.\cxpersistence.cpp,000008C9,-00000001,0172B0FB,00000000,00000000), ref: 01724222
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • isalnum.MSVCR80 ref: 0172426B
                                                                                        • memcpy.MSVCR80(?,00000003,-00000001), ref: 0172430E
                                                                                        • memcpy.MSVCR80(?,00000000,-00000001,?,00000003,-00000001), ref: 01724329
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$memcpy$Statusisalnumisalpha
                                                                                        • String ID: .\cxpersistence.cpp$A single _ is a reserved tag name$An attempt to add element without a key to a map, or add element with key to sequence$Closing tag should not include any attributes$Invalid character in the key$Key should start with a letter or _$icvXMLWriteTag
                                                                                        • API String ID: 687291174-4149322074
                                                                                        • Opcode ID: 718fcbc100cf74b5ca2e0847412fb5b631a7b62930556c2a6b2d69be7bdef4e5
                                                                                        • Instruction ID: d8ca0428aabad81ba55579dd853af92978a03a66f5c874f1a5e9b9d7c4f1003b
                                                                                        • Opcode Fuzzy Hash: 718fcbc100cf74b5ca2e0847412fb5b631a7b62930556c2a6b2d69be7bdef4e5
                                                                                        • Instruction Fuzzy Hash: 6181CBB2B443566BDB01CE2DEC80B16FBD4AB81214F18467CED459B343E775E60AC792
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000FB,cvCylCreateTrackerContext,Invalid frame size.,.\src\cyltracker.cpp,00000064), ref: 004012DF
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error
                                                                                        • String ID: .\src\cyltracker.cpp$Insufficient memory for initializing tracker$Insufficient memory.$Invalid frame size.$Invalid method.$Invalid model type.$Invalid pyramid type.$cvCylCreateTrackerContext
                                                                                        • API String ID: 2619118453-4185331338
                                                                                        • Opcode ID: 159e2c39b6469685c728ac88f41f5128306c1347d163a9cc52779d86d74ae199
                                                                                        • Instruction ID: 99194e5ea39f0bab6f8ac41c15566c549df518491d95b6df1d49c7cd51309a21
                                                                                        • Opcode Fuzzy Hash: 159e2c39b6469685c728ac88f41f5128306c1347d163a9cc52779d86d74ae199
                                                                                        • Instruction Fuzzy Hash: 6F51F5B6B4031157DB149E58AC82BA67790BB85710F0881BEFE0CBF3D2E6759904C7A6
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099 ref: 016CA48D
                                                                                          • Part of subcall function 0169E130: cvError.CXCORE099(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 0169E4BC
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016CA49B
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvError.CXCORE099(000000FF,cvPolyLine,Inner function failed.,.\cxdrawing.cpp,000007EC), ref: 016CA4BA
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(000000E8,cvPolyLine,Unsupported format,.\cxdrawing.cpp,000007F2), ref: 016CA503
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$malloc
                                                                                        • String ID: .\cxdrawing.cpp$Inner function failed.$Unsupported format$cvPolyLine$shift must be between 0 and 16
                                                                                        • API String ID: 1345421445-3456789013
                                                                                        • Opcode ID: adabd3a6f6e2af2a67f797acaa2a27b2238e012f2750bfb1eccb0184fee83dd5
                                                                                        • Instruction ID: 2ff9036080d9d9bfdec0c47b46b9a6efd31a139dce123e7033eb0157eda5b093
                                                                                        • Opcode Fuzzy Hash: adabd3a6f6e2af2a67f797acaa2a27b2238e012f2750bfb1eccb0184fee83dd5
                                                                                        • Instruction Fuzzy Hash: 46418CF3B8830537D600A689EC22FB7F354F7D0E10F84422DF95AA7381F761A544429A
                                                                                        APIs
                                                                                        • cvGetFileNodeByName.CXCORE099(?,?,sequences), ref: 0172C199
                                                                                          • Part of subcall function 01722FC0: cvError.CXCORE099(000000E5,cvGetFileNodeByName,Null element name,.\cxpersistence.cpp,0000023E), ref: 0172300D
                                                                                        • cvStartReadSeq.CXCORE099(?,?,00000000), ref: 0172C1D7
                                                                                        • cvRead.CXCORE099(?,?,00000000), ref: 0172C1FA
                                                                                          • Part of subcall function 017279F0: cvGetErrStatus.CXCORE099(?,?,?,?,?,?,00000000), ref: 01727A23
                                                                                          • Part of subcall function 017279F0: cvError.CXCORE099(?,cvRead,Invalid pointer to file storage,.\cxpersistence.cpp,00001398,?,0172CD2D,00000000,?,00000000), ref: 01727A7B
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172C204
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvError.CXCORE099(000000FF,icvReadSeqTree,Inner function failed.,.\cxpersistence.cpp,00001119), ref: 0172C2EB
                                                                                          • Part of subcall function 01723A30: cvGetFileNodeByName.CXCORE099(?,?,?), ref: 01723A42
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172C228
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 0172C2A1
                                                                                        • cvError.CXCORE099(FFFFFF2C,icvReadSeqTree,All the sequence tree nodes should contain "level" field,.\cxpersistence.cpp,0000111C), ref: 0172C316
                                                                                        • cvError.CXCORE099(FFFFFF2C,icvReadSeqTree,opencv-sequence-tree instance should contain a field "sequences" that should be a sequence,.\cxpersistence.cpp,0000110E), ref: 0172C341
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$FileNameNodeRead$BlockChangeStartmalloc
                                                                                        • String ID: .\cxpersistence.cpp$All the sequence tree nodes should contain "level" field$Inner function failed.$icvReadSeqTree$level$opencv-sequence-tree instance should contain a field "sequences" that should be a sequence$sequences
                                                                                        • API String ID: 528128644-3956887381
                                                                                        • Opcode ID: f1c3755a8ebbd8c52f33f977bcb0f0b91b4ea9b7de3d99323a0f0b5918f89a73
                                                                                        • Instruction ID: 9c6b09ce186918cddcf35433bfa23c68e35da2050236cea42803494a6a9496e9
                                                                                        • Opcode Fuzzy Hash: f1c3755a8ebbd8c52f33f977bcb0f0b91b4ea9b7de3d99323a0f0b5918f89a73
                                                                                        • Instruction Fuzzy Hash: D54136B2A083116BC711DE98DC8195FFBD8EBA5620F440A2DFE58D3241D7B0E5468B93
                                                                                        APIs
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184
                                                                                        • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 00473611
                                                                                          • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                                        • swscanf.MSVCR80 ref: 00473710
                                                                                        • swscanf.MSVCR80 ref: 0047372B
                                                                                        • swscanf.MSVCR80 ref: 00473746
                                                                                        Strings
                                                                                        • Error parsing color field: one of color components is not specified, xrefs: 00473891
                                                                                        • Error parsing color field: unexpected symbols '%s'., xrefs: 004739E1
                                                                                        • Unspecified error., xrefs: 004735EB
                                                                                        • Error parsing color field: one of color components is not specified, xrefs: 0047392B
                                                                                        • Success., xrefs: 00473A16
                                                                                        • Error parsing color field: one of color components is not specified, xrefs: 00473803
                                                                                        • Error parsing color field: wrong number of symbols after '#', xrefs: 00473689
                                                                                        • rgb(, xrefs: 0047378C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeapswscanf$Base::Concurrency::details::ContextIdentityQueueWork
                                                                                        • String ID: Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: one of color components is not specified$Error parsing color field: unexpected symbols '%s'.$Error parsing color field: wrong number of symbols after '#'$Success.$Unspecified error.$rgb(
                                                                                        • API String ID: 1122337173-231897244
                                                                                        • Opcode ID: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
                                                                                        • Instruction ID: 514317ef524717ef2c7c16df4d54ca1b957cd51d0b51933f763c983e9b3e5875
                                                                                        • Opcode Fuzzy Hash: 683619098a5f14be788e1fbab1df8c809ac1bea4690c2859a926c6c666e65a2e
                                                                                        • Instruction Fuzzy Hash: 64D16F71901208EEDB04EBA5DC56BEEBB74AF10304F50816EF41AA72D1DB786B48CB95
                                                                                        APIs
                                                                                        • cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E39
                                                                                        • cvCreateImage.CXCORE099(?,?,00000008,00000001), ref: 00401E7D
                                                                                        • cvCvtColor.CV099(?,?,00000006,?,?,00000008,00000001), ref: 00401E8E
                                                                                        • cvResize.CV099(?,?,00000001), ref: 00401EA2
                                                                                        • cvEqualizeHist.CV099(?,?), ref: 00401EB0
                                                                                        • cvClearMemStorage.CXCORE099(?,?,?), ref: 00401EB6
                                                                                        • cvHaarDetectObjects.CV099(?,?,?,0000001E,0000001E), ref: 00401EDE
                                                                                        • cvReleaseImage.CXCORE099(?), ref: 00401EED
                                                                                        • cvReleaseImage.CXCORE099(?), ref: 00401EFA
                                                                                        • cvGetSeqElem.CXCORE099(00000000,00000000), ref: 00401F0F
                                                                                        • cvClearSeq.CXCORE099(00000000), ref: 00401FC9
                                                                                        • cvError.CXCORE099(000000FE,auxDetectFace,Invalid input data,.\src\cylaux.cpp,0000002C), ref: 00401FF0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image$ClearCreateRelease$ColorDetectElemEqualizeErrorHaarHistObjectsResizeStorage
                                                                                        • String ID: .\src\cylaux.cpp$Invalid input data$auxDetectFace
                                                                                        • API String ID: 2437743724-1894629017
                                                                                        • Opcode ID: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
                                                                                        • Instruction ID: ac98781828b75c9019f3c1cd100c5520617b492f8a1ed74b89b13fa435fe6163
                                                                                        • Opcode Fuzzy Hash: 2bb4529f379278a41ca53a7c36763ca3dde82cfa4019168cc177150fd70c6ded
                                                                                        • Instruction Fuzzy Hash: 0951B170608710ABD300AF14E84AA2BBBE4FFC8714F054E58F489672A5DA31D974CB56
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099 ref: 016CE13D
                                                                                          • Part of subcall function 0169E130: cvError.CXCORE099(000000E5,cvGetMat,NULL array pointer is passed,.\cxarray.cpp,00000ADB,?,?,?,?), ref: 0169E4BC
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016CE147
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvError.CXCORE099(000000FF,01764BE4,Inner function failed.,.\cxdrawing.cpp,00000753), ref: 016CE166
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(000000E8,01764BE4,Unsupported format,.\cxdrawing.cpp,00000759), ref: 016CE1AB
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$malloc
                                                                                        • String ID: .\cxdrawing.cpp$Inner function failed.$Unsupported format$shift must be between 0 and 16
                                                                                        • API String ID: 1345421445-1630414593
                                                                                        • Opcode ID: d0a23e06213be5b39d1ab91db45a3e927ff08508974e85115840b3f820dcd6dd
                                                                                        • Instruction ID: a88972530fa9d4189293df51c43fe86f691daed5de187bea10a6c8dab3d62591
                                                                                        • Opcode Fuzzy Hash: d0a23e06213be5b39d1ab91db45a3e927ff08508974e85115840b3f820dcd6dd
                                                                                        • Instruction Fuzzy Hash: 65418BF3B4C3007BD6106649DC52FABB7A6EBD0E50F40052DFA49622C2E3B2B54487A7
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 0050665D
                                                                                        • GetFileSize.KERNEL32(000000FF,00000000), ref: 0050669D
                                                                                        • CloseHandle.KERNEL32(000000FF), ref: 005066AE
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                        Strings
                                                                                        • You have selected an image with the dimension larger than 3000x2000., xrefs: 0050676F
                                                                                        • The Resource File is corrupted. Please select another., xrefs: 00506718
                                                                                        • The Resource File is corrupted. Please select another., xrefs: 0050666C
                                                                                        • You have selected a file with the size larger than 3Mb., xrefs: 005066B4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$AllocatorCloseCreateDebugHandleHeapSize
                                                                                        • String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                                        • API String ID: 1278540365-1045440647
                                                                                        • Opcode ID: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                                        • Instruction ID: bf2e516d7632956263a6d0b7edc6ab055445a249ca0629827ad9313cad8a857e
                                                                                        • Opcode Fuzzy Hash: a2995053e53532cd3cc61e84a4e3e243a16d3489957e33b38d496d8e3a878c98
                                                                                        • Instruction Fuzzy Hash: 3D513C70900259ABDB25EF14DC55BEDBBB0FF45704F1085AAF819AB2D0CB75AE84CB80
                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00513ECD
                                                                                        • GetFileSize.KERNEL32(000000FF,00000000), ref: 00513F0D
                                                                                        • CloseHandle.KERNEL32(000000FF), ref: 00513F1E
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                        Strings
                                                                                        • You have selected an image with the dimension larger than 3000x2000., xrefs: 00513FDF
                                                                                        • You have selected a file with the size larger than 3Mb., xrefs: 00513F24
                                                                                        • The Resource File is corrupted. Please select another., xrefs: 00513EDC
                                                                                        • The Resource File is corrupted. Please select another., xrefs: 00513F88
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: File$AllocatorCloseCreateDebugHandleHeapSize
                                                                                        • String ID: The Resource File is corrupted. Please select another.$The Resource File is corrupted. Please select another.$You have selected a file with the size larger than 3Mb.$You have selected an image with the dimension larger than 3000x2000.
                                                                                        • API String ID: 1278540365-1045440647
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • ??2@YAPAXI@Z.MSVCR80(000001F8,00000000,?,?,?,?,?,?,?,?,?,D8A7CFFC), ref: 004E56C0
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004E56E8
                                                                                          • Part of subcall function 004D7750: _DebugHeapAllocator.LIBCPMTD ref: 004D7791
                                                                                          • Part of subcall function 00418CB0: EnterCriticalSection.KERNEL32(xJ,00000001,?,004A78E3,?,004A7688,00000001,D8A7CFFC,?,?,00000000,005372A8,000000FF,?,004602DC), ref: 00418CBB
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E5761
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004E57BA
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004E57A0
                                                                                          • Part of subcall function 00418D00: LeaveCriticalSection.KERNEL32(00000001,00000000,?,00418CE9,00000001,?,00418C7A,00417F19,?,00522EAF,?,005A2ECC,005A2ECC,?,00417F19), ref: 00418D0B
                                                                                        Strings
                                                                                        • SetVideoSource completed with bStatus = %d., xrefs: 004E5A61
                                                                                        • Changing source to type=%d, name=%s, xrefs: 004E5615
                                                                                        • CVideoLayer::SetVideoSource (%s), xrefs: 004E55B2
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$Concurrency::cancellation_token_source::~cancellation_token_sourceCriticalSection$??2@EnterLeaveclock
                                                                                        • String ID: CVideoLayer::SetVideoSource (%s)$Changing source to type=%d, name=%s$SetVideoSource completed with bStatus = %d.
                                                                                        • API String ID: 940658134-2688229957
                                                                                        APIs
                                                                                          • Part of subcall function 0040FA80: List.LIBCMTD ref: 0040FA8A
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0040C2DC
                                                                                          • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                                        • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 0040C305
                                                                                          • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0040C35E
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0040C371
                                                                                          • Part of subcall function 004DAFB0: Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004DB014
                                                                                        • _snwprintf.MSVCR80 ref: 0040C591
                                                                                        • wcslen.MSVCR80 ref: 0040C59E
                                                                                        • wcscpy.MSVCR80 ref: 0040C5CE
                                                                                        • wcslen.MSVCR80 ref: 0040C5DB
                                                                                          • Part of subcall function 0040F760: _invalid_parameter_noinfo.MSVCR80(00000000,?,00409D5D,?,?,00000000,?,?,?,mce,?,?,?,?,?,?), ref: 0040F774
                                                                                        • wcscat.MSVCR80 ref: 0040C633
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$Base::Concurrency::details::$PolicySchedulerwcslen$ContextIdentityListQueueWork_invalid_parameter_noinfo_snwprintfwcscatwcscpy
                                                                                        • String ID: %s files (%s)$*.%s$*.%s$;*.%s$;*.%s
                                                                                        • API String ID: 3673500439-2222090975
                                                                                        APIs
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                                          • Part of subcall function 00472C60: _wfopen_s.MSVCR80 ref: 00472CBE
                                                                                          • Part of subcall function 00472C60: fclose.MSVCR80 ref: 00472CDF
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047314B
                                                                                          • Part of subcall function 004730D0: _DebugHeapAllocator.LIBCPMTD ref: 0047316D
                                                                                        • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$Image@@Load@_wfopen_sfclose
                                                                                        • String ID: 8S$P$\class.xml$data\images\$icon$icon_and_text$style$S
                                                                                        • API String ID: 255584289-693003568
                                                                                        APIs
                                                                                        • cvCvtColor.CV099(?,?,00000007), ref: 004016FA
                                                                                        • cvGetImageROI.CXCORE099(?,?), ref: 0040170E
                                                                                        • cvSobel.CV099(?,?,00000001,00000000,00000003,?,?), ref: 00401742
                                                                                        • cvSobel.CV099(?,?,00000000,00000001,00000003), ref: 00401758
                                                                                        • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 004017D9
                                                                                        • cvCopy.CXCORE099(?,?,00000000), ref: 004017F1
                                                                                        • cvError.CXCORE099(000000FB,cvCylTrackModel,Invalid input frame.,.\src\cyltracker.cpp,000001A0), ref: 00401886
                                                                                        • cvSetImageROI.CXCORE099(?), ref: 004018B5
                                                                                        Similarity
                                                                                        • API ID: ImageSobel$ColorCopyError
                                                                                        • String ID: .\src\cyltracker.cpp$Invalid input frame.$Null pointer to the tracker context.$cvCylTrackModel
                                                                                        • API String ID: 3140367126-428952811
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B84DB
                                                                                        • ??2@YAPAXI@Z.MSVCR80(00000030,?,?,?,?,?,?,?,D8A7CFFC), ref: 004B84E2
                                                                                          • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                          • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        • AppModel pointer is NULL! Returning E_FAIL., xrefs: 004B8472
                                                                                        • Setting graph state %d, xrefs: 004B8655
                                                                                        • Creating frame grabbing graph for file %s, xrefs: 004B856B
                                                                                        • Destroying the graph., xrefs: 004B8725
                                                                                        • CManyCamGraphMgr::CreateGraph, xrefs: 004B8448
                                                                                        • Failed creating graph with hr=%X; preparing to clean up., xrefs: 004B8697
                                                                                        • Setting current pos for the graph %s, xrefs: 004B8616
                                                                                        • Couldn't find the graph %s!, xrefs: 004B86E7
                                                                                        • Creating frame grabbing graph for camera %s, xrefs: 004B84C0
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeapclock$??2@fflushfwprintf
                                                                                        • String ID: AppModel pointer is NULL! Returning E_FAIL.$CManyCamGraphMgr::CreateGraph$Couldn't find the graph %s!$Creating frame grabbing graph for camera %s$Creating frame grabbing graph for file %s$Destroying the graph.$Failed creating graph with hr=%X; preparing to clean up.$Setting current pos for the graph %s$Setting graph state %d
                                                                                        • API String ID: 1778695617-1153812090
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00506312
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00506336
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00506352
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0050636E
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                        • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,D8A7CFFC), ref: 005063A1
                                                                                        • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000002,D8A7CFFC), ref: 005063B5
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                                          • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                                        • memcpy.MSVCR80(?,?,?,D8A7CFFC), ref: 0050646C
                                                                                        • ??3@YAXPAX@Z.MSVCR80(?,?,anonymous_type,?,?,mask_reader_ver,?,?,mask_type,?,?,?,?,D8A7CFFC), ref: 0050652C
                                                                                        • ??3@YAXPAX@Z.MSVCR80(?,?,?,?,?,D8A7CFFC), ref: 0050653E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$??3@Image@@$memcpy
                                                                                        • String ID: anonymous_type$mask_reader_ver$mask_type$properties
                                                                                        • API String ID: 3418783136-1683271502
                                                                                        • Opcode ID: ea6c7d0e71fb220edab34224d6aa0e07e57cb9ccd2759369dc2a5b15c5864e21
                                                                                        • Instruction ID: 830ff7d4bb77275050dcf287e18c53aa9cee5c96830a24d37f20f8f55580aab9
                                                                                        • Opcode Fuzzy Hash: ea6c7d0e71fb220edab34224d6aa0e07e57cb9ccd2759369dc2a5b15c5864e21
                                                                                        • Instruction Fuzzy Hash: 8891F7B1E002489FDB04DFA8D896BEEBBB5BF88304F10816DE419A7381DB345A45CF91
                                                                                        APIs
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(D8A7CFFC,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144AB
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(D8A7CFFC,000000FF,?,005125AA,?,?,?,00000000,?,?,?,?,?,00569F04,preview.jpg,00000000), ref: 005144B6
                                                                                        • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,D8A7CFFC,000000FF,?,005125AA,?,?), ref: 00514559
                                                                                        • ?IncreaseBpp@CxImage@@QAE_NK@Z.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,D8A7CFFC,000000FF,?,005125AA,?), ref: 00514563
                                                                                        • ?AlphaCreate@CxImage@@QAE_NXZ.CXIMAGECRT(00000018,00000160,00000000,00000001,00000000,?,?,?,00000160,00000120,00000001,D8A7CFFC,000000FF,?,005125AA,?), ref: 0051456B
                                                                                        • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,00000160,00000120,00000001,D8A7CFFC,000000FF,?,005125AA,?,?,?,00000000,?,?,?), ref: 005145B1
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 005145DC
                                                                                        • ?Resample@CxImage@@QAE_NJJHPAV1@@Z.CXIMAGECRT(?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,D8A7CFFC,000000FF,?,005125AA,?), ref: 0051463E
                                                                                        • ?Save@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000004,?,00569E8C,00000001,00000000,00000000,0056A220,00000000,00000004,00000160,00000120,00000001,D8A7CFFC,000000FF), ref: 00514651
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image@@$Resample@Save@V1@@$AllocatorAlphaBpp@Create@DebugHeapHeight@IncreaseWidth@
                                                                                        • String ID: %s\%d.png$%s\%d.png$352x288$640x480
                                                                                        • API String ID: 2860891125-2440275166
                                                                                        • Opcode ID: a43d91bb6eb54d53ff6a1737a5b0fe56c092a8fccabc49aed94ca0378de78455
                                                                                        • Instruction ID: acc42daae56a842fc35e0990e2763de5810e809cf3d34599ed660b5ee8a323ea
                                                                                        • Opcode Fuzzy Hash: a43d91bb6eb54d53ff6a1737a5b0fe56c092a8fccabc49aed94ca0378de78455
                                                                                        • Instruction Fuzzy Hash: 5A6107B5E00209AFDB04EF99D892AEEBBB5FF88300F108529F515B7291DB746941CF94
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$_wfopen_sfclose
                                                                                        • String ID: base_class$class$name$prop$val
                                                                                        • API String ID: 1905607448-2961531382
                                                                                        • Opcode ID: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
                                                                                        • Instruction ID: 751db2e67e60f486d96aaf90422ccf13f7de2e4e99e3856fc400571b524def08
                                                                                        • Opcode Fuzzy Hash: 265c9ab7eb5baf22480eda760dc822cfc626c5c0d99404b903e2b5ff3dc1b93f
                                                                                        • Instruction Fuzzy Hash: 47C14C70901258DEDB14EBA4CD55BEEBBB4BF50308F10819EE14A67292DB781F88CF95
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099 ref: 017040B6
                                                                                        • cvGetErrStatus.CXCORE099(?,?,00000000), ref: 017040C0
                                                                                        • cvError.CXCORE099(000000FF,cvSetIdentity,Inner function failed.,.\cxmatrix.cpp,00000041,?,?,00000000), ref: 017040DC
                                                                                        • cvError.CXCORE099(000000E8,cvSetIdentity,coi is not supported,.\cxmatrix.cpp,00000043), ref: 01704103
                                                                                        • cvErrorFromIppStatus.CXCORE099(00000000,cvSetIdentity,OpenCV function failed,.\cxmatrix.cpp,00000057,?,?,?,?), ref: 017041A3
                                                                                        • cvError.CXCORE099(00000000,?,?,?,00000000), ref: 017041AC
                                                                                        • cvScalarToRawData.CXCORE099(?,?,-00000001,00000000,?,?,?,?), ref: 01704233
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status$DataFromScalar
                                                                                        • String ID: .\cxmatrix.cpp$Inner function failed.$OpenCV function failed$coi is not supported$cvSetIdentity
                                                                                        • API String ID: 469994097-1910902401
                                                                                        • Opcode ID: ac9a65a84d5601dfac315c35f5210b670f1428ed1311cbbb90cac9f1aa171b73
                                                                                        • Instruction ID: 7508033599eead6178964f2b33c01f9010fa12de3a62249bb0aaf9f177a9e2c3
                                                                                        • Opcode Fuzzy Hash: ac9a65a84d5601dfac315c35f5210b670f1428ed1311cbbb90cac9f1aa171b73
                                                                                        • Instruction Fuzzy Hash: E65145B7B083079BDB15DE58DCA1B6FF3D8EBA4214F04093DEE0697381E2B0D5588696
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                                          • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                                          • Part of subcall function 004167E0: _DebugHeapAllocator.LIBCPMTD ref: 004167EE
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                                        • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$DateFormat
                                                                                        • String ID: Created by: $Creation date: $Name: $www.manycam.com$www.manycam.com
                                                                                        • API String ID: 393568584-1701023392
                                                                                        • Opcode ID: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
                                                                                        • Instruction ID: cbadc1f5ef3ad51f7f35ce95d366eb704496e5c2bb1529dbc726db86d70e8f02
                                                                                        • Opcode Fuzzy Hash: 6ae18c8123b619394136c12ce8f0d690e019f5e653af45ce7849ef6131bd0f08
                                                                                        • Instruction Fuzzy Hash: 65711771A001199FCB14EB64CD91BEEB7B4BF48304F10869DE55AA7291DF34AE88CF94
                                                                                        APIs
                                                                                          • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                                        • GetParent.USER32 ref: 0040669A
                                                                                        • GetWindow.USER32(?,00000004), ref: 004066AD
                                                                                        • GetWindowRect.USER32(?,?), ref: 004066C0
                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0040673B
                                                                                        • GetParent.USER32(?), ref: 00406749
                                                                                        • GetClientRect.USER32(?,?), ref: 0040675A
                                                                                        • GetClientRect.USER32(00000000,?), ref: 00406768
                                                                                        • MapWindowPoints.USER32(00000000,?,?,00000002), ref: 0040677C
                                                                                        • SetWindowPos.USER32(D8A7CFFC,00000000,00000000,D8A7CFFC,000000FF,000000FF,00000015,?,?), ref: 00406826
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$Rect$ClientLongParent$InfoParametersPointsSystem
                                                                                        • String ID: *b@
                                                                                        • API String ID: 2289592163-3951841937
                                                                                        • Opcode ID: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
                                                                                        • Instruction ID: 1e1c0fd00856f1237eb481f10da8126670bc63b2ce16d521bf68457a350c038b
                                                                                        • Opcode Fuzzy Hash: 85e0b70c33394ba71c68aafcb1af9cf7bac2a856a7ed6dfd4d8bfa7c3afbd8a7
                                                                                        • Instruction Fuzzy Hash: BA611975E00209EFDB04CFE8C984AEEBBB5BF88304F148629E516BB394D734A945CB54
                                                                                        APIs
                                                                                        • GetActiveWindow.USER32 ref: 00499D15
                                                                                        • GetLastActivePopup.USER32(00000000), ref: 00499D31
                                                                                        • SendMessageW.USER32(00000000,0000000D,00000104,?), ref: 00499D71
                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00499DEB
                                                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00499E0B
                                                                                        • wcscat.MSVCR80 ref: 00499E61
                                                                                        • GetPrivateProfileStringW.KERNEL32(DoNotAsk,00000000,00557E44,?,00000010,?), ref: 00499E9A
                                                                                        • wcstoul.MSVCR80 ref: 00499EAF
                                                                                        • MessageBeep.USER32(?), ref: 00499F1C
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ActiveMessageName$BeepFileFullLastModulePathPopupPrivateProfileSendStringWindowwcscatwcstoul
                                                                                        • String ID: %s%d$DoNotAsk$PPMessageBox.ini
                                                                                        • API String ID: 3999366269-2647165371
                                                                                        • Opcode ID: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
                                                                                        • Instruction ID: 52c43eb377399d7600db362d3f6ba6012730098c3eeec84a0b2b3f1ac4b66590
                                                                                        • Opcode Fuzzy Hash: 88fe661ea0f20f6091777b59d426feaaedbdce2cd2330f005451ca6092a7d098
                                                                                        • Instruction Fuzzy Hash: D571697190022A9BEF34DB54CD85BEAB7B8FB48305F0005EAE509A76D0DB742E84DF54
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvSeqPushMulti,NULL sequence pointer,.\cxdatastructs.cpp,0000068C), ref: 016C80B8
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(FFFFFF37,cvSeqPushMulti,number of removed elements is negative,.\cxdatastructs.cpp,0000068E), ref: 016C80E5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxdatastructs.cpp$Inner function failed.$NULL sequence pointer$cvSeqPushMulti$number of removed elements is negative
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvCreateSeq,0174124F,.\cxdatastructs.cpp,000001C6,00000000,?,016C8E10,00000000,00000040,00000000,00000000,00000000,0169F731,00000000,00000040), ref: 016C7612
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvMemStorageAlloc.CXCORE099(0169F731,00000000,?,00000000,00000000,?,016C8E10,00000000,00000040,00000000,00000000,00000000,0169F731,00000000,00000040,?), ref: 016C763C
                                                                                        • cvGetErrStatus.CXCORE099(?,00000000), ref: 016C7646
                                                                                        • cvError.CXCORE099(000000FF,cvCreateSeq,Inner function failed.,.\cxdatastructs.cpp,000001DD,?,?,?,?,?,?,00000000), ref: 016C7665
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus$AllocStorage
                                                                                        • String ID: .\cxdatastructs.cpp$Inner function failed.$Specified element size doesn't match to the size of the specified element type (try to use 0 for element type)$cvCreateSeq
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvTreeToNodeSeq,NULL storage pointer,.\cxdatastructs.cpp,00000EBB), ref: 016C9594
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvCreateSeq.CXCORE099(00000000,?,00000004,?), ref: 016C95AD
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016C95B7
                                                                                        • cvError.CXCORE099(000000FF,cvTreeToNodeSeq,Inner function failed.,.\cxdatastructs.cpp,00000EC1), ref: 016C95D6
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus$Create
                                                                                        • String ID: .\cxdatastructs.cpp$Inner function failed.$NULL storage pointer$cvTreeToNodeSeq
                                                                                        APIs
                                                                                        • cvCreateMatHeader.CXCORE099(?,?), ref: 016A21EB
                                                                                          • Part of subcall function 016A2070: cvError.CXCORE099(FFFFFF37,cvCreateMatHeader,Non-positive width or height,.\cxarray.cpp,00000088), ref: 016A2188
                                                                                          • Part of subcall function 016A2070: cvGetErrStatus.CXCORE099 ref: 016A2190
                                                                                          • Part of subcall function 016A2070: cvReleaseMat.CXCORE099(?), ref: 016A219E
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016A21F5
                                                                                          • Part of subcall function 016D6D60: malloc.MSVCR80 ref: 016D6D6E
                                                                                        • cvError.CXCORE099(000000FF,cvCloneMat,Inner function failed.,.\cxarray.cpp,00000107), ref: 016A2214
                                                                                        • cvCreateData.CXCORE099(00000000), ref: 016A2228
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016A2230
                                                                                        • cvCopy.CXCORE099(?,00000000,00000000), ref: 016A2244
                                                                                          • Part of subcall function 016C2910: memcpy.MSVCR80(?,?,?,00000000,?), ref: 016C2997
                                                                                          • Part of subcall function 016C2910: cvClearSet.CXCORE099(00000000,?,?,?,00000000,?), ref: 016C29AC
                                                                                          • Part of subcall function 016C2910: cvFree_.CXCORE099(00000000,00000000,?), ref: 016C29C6
                                                                                          • Part of subcall function 016C2910: cvGetErrStatus.CXCORE099(?,00000000,?), ref: 016C29D1
                                                                                          • Part of subcall function 016C2910: cvError.CXCORE099(000000FF,cvCopy,Inner function failed.,.\cxcopy.cpp,00000140,?,?,00000000,?), ref: 016C29F0
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016A224C
                                                                                        • cvError.CXCORE099(000000FB,cvCloneMat,Bad CvMat header,.\cxarray.cpp,00000100), ref: 016A2272
                                                                                        Similarity
                                                                                        • API ID: Status$Error$Create$ClearCopyDataFree_HeaderReleasemallocmemcpy
                                                                                        • String ID: .\cxarray.cpp$Bad CvMat header$Inner function failed.$cvCloneMat
                                                                                        APIs
                                                                                          • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                                        • GetStockObject.GDI32(00000000), ref: 0041C9C4
                                                                                        • FillRect.USER32(?,?,00000000), ref: 0041C9D3
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041C9FF
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT ref: 0041CA2E
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA56
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000), ref: 0041CA6D
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CA97
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CAC5
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB0E
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB36
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB4D
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CB77
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041CBA5
                                                                                          • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Rect$ClientFillHeight@ObjectStock
                                                                                        Similarity
                                                                                        • String ID: #NC$Backgrounds$Date & Time$Drawing over video$Text over video
                                                                                        APIs
                                                                                          • Part of subcall function 00488640: ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,0049A02E,D8A7CFFC,?,?), ref: 0048864A
                                                                                          • Part of subcall function 00479BB0: GetSysColor.USER32(00000010), ref: 00479DFB
                                                                                        • GetModuleHandleW.KERNEL32(00000000,D8A7CFFC,?,?), ref: 0049A14F
                                                                                        • GetModuleHandleW.KERNEL32(00000000,D8A7CFFC,?,?), ref: 0049A16C
                                                                                        • memset.MSVCR80 ref: 0049A286
                                                                                        • SystemParametersInfoW.USER32(00000029,00000000,000001F8,00000000), ref: 0049A2A5
                                                                                        • CreateFontIndirectW.GDI32(?), ref: 0049A2AF
                                                                                        • LoadIconW.USER32(00000000,00007F01), ref: 0049A31D
                                                                                        Similarity
                                                                                        • API ID: HandleModule$??0?$basic_string@_ColorCreateFontIconIndirectInfoLoadParametersSystemU?$char_traits@_V?$allocator@_W@2@@std@@W@std@@memset
                                                                                        • String ID: p
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: _mAnnnYca@aM_
                                                                                        • API String ID: 0-3995523097
                                                                                        • Opcode ID: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
                                                                                        • Instruction ID: 03f3f580957dd8d98fe766c3b08c4ea85ac32c8ace33bb22cf726ef2f4b4dfae
                                                                                        • Opcode Fuzzy Hash: d785f2585446dacc2ea26e3cd8fc161da3962a7f22c1aaa8b953898c058bd1e2
                                                                                        • Instruction Fuzzy Hash: 51A12CB1A4021A9FDB24DF54DC95FEEB775BF88304F1082E8E50967281DB31AA80CF91
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • SetFileAttributesW.KERNEL32(00000000,00000080,?,?,D8A7CFFC), ref: 0050F10D
                                                                                        • CreateFileW.KERNEL32(00000000,001F01FF,00000000,00000000,00000003,00000000,00000000,?,?,D8A7CFFC), ref: 0050F134
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Fileclock$AllocatorAttributesCreateDebugHeap
                                                                                        • String ID: CMCEData::FlushToDisk()$Couldn't open a file to flush MCE data to disk: %s$_mAnnnYca@aM_$h-Z
                                                                                        • API String ID: 3526691834-3819927071
                                                                                        • Opcode ID: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
                                                                                        • Instruction ID: 3fd365fe576ff881e40a2fa1f18d14bb5eaede2e8814e90bc3ea97a76a5821e3
                                                                                        • Opcode Fuzzy Hash: c250c6d348c6a577bac95d433ffd8b1c35fd8412c96bf1b7ac210eb878312dd3
                                                                                        • Instruction Fuzzy Hash: 62517C70E44318ABEB24DB64DC46BEAB774FB94700F0082ADE619672C1DF792A84CF54
                                                                                        APIs
                                                                                        • cvCreateImageHeader.CXCORE099(?,?,?,?,00000000,?,016D7709,00000000,?,00000000,?,00000000), ref: 016D7639
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016D7643
                                                                                        • cvError.CXCORE099(000000FF,icvRetrieveImage,Inner function failed.,.\cximage.cpp,00000059), ref: 016D765F
                                                                                        • cvSetData.CXCORE099(00000000,?,?), ref: 016D7679
                                                                                          • Part of subcall function 0169FEC0: cvReleaseData.CXCORE099(?), ref: 0169FEE5
                                                                                          • Part of subcall function 0169FEC0: cvError.CXCORE099(000000F3,cvSetData,0174124F,.\cxarray.cpp,0000042A), ref: 0169FF6B
                                                                                        • cvReleaseMat.CXCORE099(?,00000000,?,?), ref: 016D76A3
                                                                                          • Part of subcall function 0169EF00: cvError.CXCORE099(000000F7,cvReleaseMat,0174124F,.\cxarray.cpp,000000E3), ref: 0169EF1E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$DataRelease$CreateHeaderImageStatus
                                                                                        • String ID: .\cximage.cpp$Inner function failed.$The object is neither an image, nor a matrix$icvRetrieveImage
                                                                                        • API String ID: 2563584119-3219189431
                                                                                        • Opcode ID: 844cbcf527f37b39a24ca499b414c6a9b382d389ceef3b1f6e8bf09831cf4ba0
                                                                                        • Instruction ID: 37e0d79f6bf5b4537b9424492e2be299f68b76b459f0cec551a7415b5b5836eb
                                                                                        • Opcode Fuzzy Hash: 844cbcf527f37b39a24ca499b414c6a9b382d389ceef3b1f6e8bf09831cf4ba0
                                                                                        • Instruction Fuzzy Hash: 7C21F1F2E003216FD708DB58DC50E2AB795EB94710F054A9DFA159B391E730EC008BD6
                                                                                        APIs
                                                                                          • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(?,D8A7CFFC,D8A7CFFC,D8A7CFFC), ref: 0041D427
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(?,D8A7CFFC,D8A7CFFC,D8A7CFFC), ref: 0041D453
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,?,D8A7CFFC,D8A7CFFC,D8A7CFFC), ref: 0041D478
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,?,D8A7CFFC,D8A7CFFC,D8A7CFFC), ref: 0041D48C
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,D8A7CFFC,D8A7CFFC,D8A7CFFC), ref: 0041D4B3
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,D8A7CFFC,D8A7CFFC,D8A7CFFC), ref: 0041D4DE
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,D8A7CFFC,D8A7CFFC,D8A7CFFC), ref: 0041D506
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,?,D8A7CFFC,D8A7CFFC,D8A7CFFC), ref: 0041D532
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D557
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D56B
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D592
                                                                                        • ?Draw@CxImage@@QAEJPAUHDC__@@ABUtagRECT@@PAU3@_N@Z.CXIMAGECRT(00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000,00000000,?,00000000,00000000), ref: 0041D5BD
                                                                                          • Part of subcall function 00412790: BitBlt.GDI32(FFFFFFFF,?,?,?,?,?,?,?,00CC0020), ref: 00412805
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image@@$C__@@Draw@U3@_Utag$Width@$Height@$ClientRect
                                                                                        • String ID:
                                                                                        • API String ID: 800822957-0
                                                                                        • Opcode ID: 48e4cdac09fd2584f099d7bad379a9fdd4af48967efff26b200e1ab649f63517
                                                                                        • Instruction ID: 8b69319c21aec3ddee00cb00959702adc85bce415fb2168130725632d218664d
                                                                                        • Opcode Fuzzy Hash: 48e4cdac09fd2584f099d7bad379a9fdd4af48967efff26b200e1ab649f63517
                                                                                        • Instruction Fuzzy Hash: C671B3B5D002099FDB18EFA8D991BEEBBB5AF48304F20412EE515B7381DB342A45CF65
                                                                                        APIs
                                                                                        • GetClassNameW.USER32(?,00000000,00000008), ref: 00406BCD
                                                                                        • lstrcmpiW.KERNEL32(00000000,static), ref: 00406BE4
                                                                                          • Part of subcall function 00407320: GetWindowLongW.USER32(-00000004,000000F0), ref: 00407331
                                                                                          • Part of subcall function 00406840: GetWindowLongW.USER32(?,000000F0), ref: 0040684F
                                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 00406C72
                                                                                        • GetStockObject.GDI32(0000000D), ref: 00406CC9
                                                                                        • memset.MSVCR80 ref: 00406D0D
                                                                                        • CreateFontIndirectW.GDI32(00000000), ref: 00406D7E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: LongWindow$ClassCreateCursorFontIndirectLoadNameObjectStocklstrcmpimemset
                                                                                        • String ID: Anchor Color$Anchor Color Visited$Software\Microsoft\Internet Explorer\Settings$static
                                                                                        • API String ID: 537339791-2739629574
                                                                                        • Opcode ID: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
                                                                                        • Instruction ID: 199e44e7be4628ee2e688c610ba56af09b0a08d7a3a9a70c30624c5daa12086b
                                                                                        • Opcode Fuzzy Hash: 99ecedde21c05c3d22bbeafe7e2b67f4cdb7fe62b879cd42fd35616c0f2689b9
                                                                                        • Instruction Fuzzy Hash: 45E14970A042689FDB64DB65CC49BAEB7B1AF04304F1042EAE54A772D2DB346EC4CF59
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: clock$AllocatorDebugHeapfflushfwprintf
                                                                                        • String ID: CEffectStack::SelectEffect$Effect pointer is NULL.$No such effect found in stack$AN
                                                                                        • API String ID: 2739697835-3664681806
                                                                                        • Opcode ID: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
                                                                                        • Instruction ID: 60628f8e65fa033cdeac9a30f19292ee3b75e2ecbf0df95034a13fcf3e9652a5
                                                                                        • Opcode Fuzzy Hash: 221cc7908e8e233be853d1dd1845420aec90c9ea438a58ddf34726c8fe8ac0e0
                                                                                        • Instruction Fuzzy Hash: FEB13A70E00208DFDB14DFA9C895BEEBBB5FF59314F10811EE415AB292DB786905CB98
                                                                                        APIs
                                                                                        • cvPtr2D.CXCORE099(?,00000000,00000000,00000000), ref: 016A24D7
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016A24E1
                                                                                        • cvError.CXCORE099(000000FF,cvGetRawData,Inner function failed.,.\cxarray.cpp,000004B6), ref: 016A2500
                                                                                        • cvError.CXCORE099(000000FB,cvGetRawData,unrecognized or unsupported array type,.\cxarray.cpp,000004E4), ref: 016A2600
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Ptr2Status
                                                                                        • String ID: .\cxarray.cpp$Inner function failed.$Only continuous nD arrays are supported here$cvGetRawData$unrecognized or unsupported array type
                                                                                        • API String ID: 3259787191-3229946207
                                                                                        • Opcode ID: 5140ca1276a08f8cb7d8a037ee8ff8ecd6c59a0e1a1adb94b2e207d3e6b1b8c0
                                                                                        • Instruction ID: b05840ba28162ff93bc885fc665cda8c5decd1a19a424d69f4e0ab61aa50497e
                                                                                        • Opcode Fuzzy Hash: 5140ca1276a08f8cb7d8a037ee8ff8ecd6c59a0e1a1adb94b2e207d3e6b1b8c0
                                                                                        • Instruction Fuzzy Hash: 3C519AB17443018BDB21CF2DEC70B26BBE5FF80620F59496DE99297791D330EC458A90
                                                                                        APIs
                                                                                        • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,?,?,D8A7CFFC), ref: 00513A57
                                                                                        • ~_Mpunct.LIBCPMTD ref: 00513AF1
                                                                                          • Part of subcall function 004166C0: ?DestroyFrames@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166D3
                                                                                          • Part of subcall function 004166C0: ?Destroy@CxImage@@QAE_NXZ.CXIMAGECRT(?,?,0050679A,You have selected an image with the dimension larger than 3000x2000.,00000000,00000000), ref: 004166DB
                                                                                        • ??2@YAPAXI@Z.MSVCR80(000001C4,352x288,?,?,?,?,00000000,?,?,D8A7CFFC), ref: 00513B1A
                                                                                        • ??0CxImage@@QAE@ABV0@_N11@Z.CXIMAGECRT(?,00000001,00000001,00000001,00000000,?,?,D8A7CFFC), ref: 00513B48
                                                                                        • ~_Mpunct.LIBCPMTD ref: 00513B85
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00513A74
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DF91
                                                                                          • Part of subcall function 0050DF50: _DebugHeapAllocator.LIBCPMTD ref: 0050DFAD
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00513BCC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$Image@@$Mpunct$??2@DestroyDestroy@Frames@N11@V0@_
                                                                                        • String ID: %d.png$352x288$352x288
                                                                                        • API String ID: 1128305235-4221946874
                                                                                        • Opcode ID: 3d3a3092ae457ba20b6bf654cef30ca65db4711d383323e92277891cfebd2fe8
                                                                                        • Instruction ID: 81933645b3eb8f3328e915e61d60693adeebe1464ca0442654379e8e1d16d656
                                                                                        • Opcode Fuzzy Hash: 3d3a3092ae457ba20b6bf654cef30ca65db4711d383323e92277891cfebd2fe8
                                                                                        • Instruction Fuzzy Hash: F07116B0D01259DADB24EB64D899BEEBBB4BB04304F1086EDE419A72C1DB745F84CF94
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: .\cxpersistence.cpp$Invalid data type specification$Too long data type specification$icvDecodeFormat$ucwsifdr
                                                                                        • API String ID: 0-2730254172
                                                                                        • Opcode ID: 5bc5fdb753e771dcf026bc13886d11a4b061d70a72c86cc989e2b256f2613be8
                                                                                        • Instruction ID: 1daebd1c6c8c7d3c044c67fd2fcda239533f3cc2ec2592577634058d42796d51
                                                                                        • Opcode Fuzzy Hash: 5bc5fdb753e771dcf026bc13886d11a4b061d70a72c86cc989e2b256f2613be8
                                                                                        • Instruction Fuzzy Hash: 454137B2A0431A4FD7208F2CED057AAF7A4FBC1215F18456DED44D7285E771E60AC7A2
                                                                                        APIs
                                                                                        • cvAlloc.CXCORE099(0000001C), ref: 016A20E4
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016A20F2
                                                                                        • cvError.CXCORE099(FFFFFF37,cvCreateMatHeader,Non-positive width or height,.\cxarray.cpp,00000088), ref: 016A2188
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016A2190
                                                                                        • cvReleaseMat.CXCORE099(?), ref: 016A219E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Status$AllocErrorRelease
                                                                                        • String ID: .\cxarray.cpp$Inner function failed.$Invalid matrix type$Non-positive width or height$cvCreateMatHeader
                                                                                        • API String ID: 3584650851-3203345803
                                                                                        • Opcode ID: 075e3e4f12959f74833f6ff518dea0ed65a1d7c112d0e81b5fb0b90b8cef944e
                                                                                        • Instruction ID: d82cf2a8270304bfadeea8d2559265e4aa5c4c996f96577337518ad3d9bf766b
                                                                                        • Opcode Fuzzy Hash: 075e3e4f12959f74833f6ff518dea0ed65a1d7c112d0e81b5fb0b90b8cef944e
                                                                                        • Instruction Fuzzy Hash: E33179B27847065BD720DE29EC61616F2D2ABA0722F544B2EF762D6AC0D7B0FC014B41
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,icvGoNextMemBlock,0174124F,.\cxdatastructs.cpp,0000010A,0169F731,00000000,?,00000000), ref: 016C7385
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvAlloc.CXCORE099(?,0169F731,00000040,0169F731,00000000,?,00000000), ref: 016C73B0
                                                                                        • cvGetErrStatus.CXCORE099(00000000,?,00000000), ref: 016C73BA
                                                                                        • cvError.CXCORE099(000000FF,icvGoNextMemBlock,Inner function failed.,.\cxdatastructs.cpp,0000011A,00000040,0169F731,00000000,?,00000000), ref: 016C73FD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus$Alloc
                                                                                        • String ID: .\cxdatastructs.cpp$Inner function failed.$icvGoNextMemBlock
                                                                                        • API String ID: 3337846118-4078816260
                                                                                        • Opcode ID: 8e89eb43e2ce012a13104ea51ee914ae10de7be11628c9f1978e150f1844b353
                                                                                        • Instruction ID: dbd48d4ac5d084630832c514dd2b4e5140d9c536d96d0be2d7f47d65a30fe879
                                                                                        • Opcode Fuzzy Hash: 8e89eb43e2ce012a13104ea51ee914ae10de7be11628c9f1978e150f1844b353
                                                                                        • Instruction Fuzzy Hash: A031A0B2A413069BCB10EF19EC81836FBA5FB40E10758C56DE9588B706D731E895CBA5
                                                                                        APIs
                                                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,D8A7CFFC,?,?,?,00000000,00538D49,000000FF,?,0050405E,?), ref: 005047EA
                                                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504804
                                                                                        • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(00538D49,?,?,?,00000000,00538D49,000000FF,?,0050405E), ref: 00504814
                                                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504898
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                                        • String ID: ^@P$bad cast
                                                                                        • API String ID: 2261832285-3230263104
                                                                                        • Opcode ID: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
                                                                                        • Instruction ID: 824bbbae0ea1dedba38b35fd60e665a14d2ea96d15b6e9388a122e9d75c37290
                                                                                        • Opcode Fuzzy Hash: 3b2a1131cef9067ba1ac1022581be8c82768a399d86bdfc45b63dcb7fc16c2e6
                                                                                        • Instruction Fuzzy Hash: 4631F9B4D04209DFDB08DFA5E845AAEBBB5FF58310F108A2AE922A33D0DB745905DF50
                                                                                        APIs
                                                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,D8A7CFFC,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499B8A
                                                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BA5
                                                                                        • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(?,?,00495099,00531878,000000FF,?,004968AA,00495099,?), ref: 00499BB5
                                                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP80(?,?,00495099), ref: 00499C3A
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 2261832285-3145022300
                                                                                        • Opcode ID: e8d9317ff7b667e4345a0d9ab4755c0ed9f6fbdd2f1abd810e1704a9855df511
                                                                                        • Instruction ID: ac16ab481d142800d0c9b8599a912b67046f6ada141286fa39e373667d809841
                                                                                        • Opcode Fuzzy Hash: e8d9317ff7b667e4345a0d9ab4755c0ed9f6fbdd2f1abd810e1704a9855df511
                                                                                        • Instruction Fuzzy Hash: 9A31FDB4D04219DFDF04DF98EC44AAEBBB5FB58310F10862AE922A33A0D7785905DF55
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: strrchr
                                                                                        • String ID: .XML$.Xml$.YAML$.YML$.Yaml$.Yml$.xml$.yaml$.yml
                                                                                        • API String ID: 3418686817-136602290
                                                                                        • Opcode ID: f208787a0a7e845f1509456bd31139aa59159456d70c1e316dd9d385761873c1
                                                                                        • Instruction ID: 213fff87231ac6493868c25b7d4a6c98dd5c2351b74bb708521911c44f12021a
                                                                                        • Opcode Fuzzy Hash: f208787a0a7e845f1509456bd31139aa59159456d70c1e316dd9d385761873c1
                                                                                        • Instruction Fuzzy Hash: 4E11E827F0809817FBB4D02E5D643235887D3E936BF4ED1747609AB388FB258C426391
                                                                                        APIs
                                                                                        • cvGetErrStatus.CXCORE099 ref: 0172B257
                                                                                        • cvError.CXCORE099(?,cvWriteFileNode,Invalid pointer to file storage,.\cxpersistence.cpp,00000D65), ref: 0172B2B6
                                                                                        • cvReleaseFileStorage.CXCORE099 ref: 0172B2C2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorFileReleaseStatusStorage
                                                                                        • String ID: .\cxpersistence.cpp$Inner function failed.$Invalid pointer to file storage$The file storage is opened for reading$YAML$cvWriteFileNode
                                                                                        • API String ID: 213452984-3870287194
                                                                                        • Opcode ID: 2a1a9b00fd893ba38e15cd4660afedb9e7946f1c0562334f7deec4a31e8db46d
                                                                                        • Instruction ID: e6aba7922a004b6e0a60a9737a3fe3ed9dc0ed466dd5f0d4a4ce076a48b7dfbf
                                                                                        • Opcode Fuzzy Hash: 2a1a9b00fd893ba38e15cd4660afedb9e7946f1c0562334f7deec4a31e8db46d
                                                                                        • Instruction Fuzzy Hash: C9115CF0A4C312A7DB25AA29DC66F3EF7CC9B12604F400A5CFD11A61C6E7B1A0468117
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image$Ipow
                                                                                        • String ID:
                                                                                        • API String ID: 2361920412-0
                                                                                        • Opcode ID: ae5365c12a2100a1903be52b5529a37c0f6dfca9bd181234086edb2fe99e62fb
                                                                                        • Instruction ID: 2a68433d30ada8fa05db26af022ad57aeecc5f41bf496e9e98d865bd8f4dde78
                                                                                        • Opcode Fuzzy Hash: ae5365c12a2100a1903be52b5529a37c0f6dfca9bd181234086edb2fe99e62fb
                                                                                        • Instruction Fuzzy Hash: 180255B0608301CFC314DF29D585A5ABBF1FF88304F11899DE9999B2A6D731E865CF86
                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(00000004), ref: 004087E6
                                                                                          • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                                          • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                          • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                                          • Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
                                                                                          • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                          • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                          • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                                          • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                        • MoveWindow.USER32(00000000,?,00000485,00000015,0000002D,00000052,00000017,00000000,00000117,000000C6,000000AF,00000017,00000001,00000000,?,0000048A), ref: 00408C6C
                                                                                        • MoveWindow.USER32(00000000,?,0000048B,0000011C,00000104,00000058,00000017,00000000), ref: 00408CA4
                                                                                        • MoveWindow.USER32(00000000,?,0000048C,0000017A,00000104,00000058,00000017,00000000), ref: 00408CDC
                                                                                        • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00408D50
                                                                                        • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00408DF3
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00408E57
                                                                                        Strings
                                                                                        • http://manycam.com/help/effects, xrefs: 00408A61
                                                                                        • \ManyCam\TempBackgroundPreview, xrefs: 00408853
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$AllocatorDebugHeapMove$ParentSystem$Base::Concurrency::details::Concurrency::task_options::get_schedulerFileFindFirstFolderInfoLongMetricsParametersPathPolicyRectSchedulerSpecial_wmkdir
                                                                                        • String ID: \ManyCam\TempBackgroundPreview$http://manycam.com/help/effects
                                                                                        • API String ID: 802195438-2992585156
                                                                                        • Opcode ID: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
                                                                                        • Instruction ID: 373e2faf4f294b9354e902988eb878b0a96774ffebd8d1961b2fcec7c08dd6c9
                                                                                        • Opcode Fuzzy Hash: ad0380625fa3cecf4b5e51684995b29088e82c278d6510ee7f53ab51bdbc22ca
                                                                                        • Instruction Fuzzy Hash: 11121F70A041189BEB24EB55CD91BED7775AF44308F0044EEA20E7B2C2DE796E94CF69
                                                                                        APIs
                                                                                        • memset.MSVCR80 ref: 00409A4E
                                                                                          • Part of subcall function 0040F0F0: SendMessageW.USER32(-0000012F,00000147,00000000,00000000), ref: 0040F106
                                                                                        • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00409AD9
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00409B1D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorBase::Concurrency::details::DebugHeapMessagePolicySchedulerSendmemset
                                                                                        • String ID: New category...$mce
                                                                                        • API String ID: 1679045135-800315401
                                                                                        • Opcode ID: 84cff37b60f26b6a8f6ffd572ec932ad64bfde54e516b5dd0315aff2655b6aaf
                                                                                        • Instruction ID: f62fc7b589a48f9eaf1a8544f81ff00b290309f3dd4f0067dcca3c15644f716f
                                                                                        • Opcode Fuzzy Hash: 84cff37b60f26b6a8f6ffd572ec932ad64bfde54e516b5dd0315aff2655b6aaf
                                                                                        • Instruction Fuzzy Hash: B5121D719012199BCB24EB65CC99BAEB7B5AF44304F1041EEE10AB72D1DB386F84CF59
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • GetTickCount.KERNEL32 ref: 004D1414
                                                                                        • GetTickCount.KERNEL32 ref: 004D1444
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D14CE
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        • CPlayList::SetPlaybackMode (%s), xrefs: 004D1387
                                                                                        • Playback mode is now %s., xrefs: 004D165E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: CountTickclock$AllocatorConcurrency::cancellation_token_source::~cancellation_token_sourceDebugHeap
                                                                                        • String ID: CPlayList::SetPlaybackMode (%s)$Playback mode is now %s.
                                                                                        • API String ID: 1115989059-4040813284
                                                                                        • Opcode ID: 263e4469555b9ead60d827bbea961355ac1bf97b033ce6d991a803799773ecf7
                                                                                        • Instruction ID: 9d0510614a657932bc22ac5f2c18324a99722429085df9436aa323c14c0834bd
                                                                                        • Opcode Fuzzy Hash: 263e4469555b9ead60d827bbea961355ac1bf97b033ce6d991a803799773ecf7
                                                                                        • Instruction Fuzzy Hash: 66B14CB0E04218EFDB04DFD8C8A5BAEBBB1BF44308F10815EE8066B395DB789945CB55
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099(?,00000000,00000000,00000000), ref: 016A05DC
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016A05E6
                                                                                        • cvError.CXCORE099(000000FF,cvGetDiag,Inner function failed.,.\cxarray.cpp,00000661), ref: 016A0605
                                                                                        • cvError.CXCORE099(000000E5,cvGetDiag,0174124F,.\cxarray.cpp,00000664), ref: 016A0633
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvGetDiag,0174124F,.\cxarray.cpp,00000676), ref: 016A068F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxarray.cpp$Inner function failed.$cvGetDiag
                                                                                        • API String ID: 483703942-1712979701
                                                                                        • Opcode ID: 19e7517710c95eca371f13cfbd8bc98781066b063e637e60c2a87f2eeca3a5a6
                                                                                        • Instruction ID: 15f9c19ef514f4bfa0928abe630c7a27b8085ae93fb7932804a5d54920b77ba5
                                                                                        • Opcode Fuzzy Hash: 19e7517710c95eca371f13cfbd8bc98781066b063e637e60c2a87f2eeca3a5a6
                                                                                        • Instruction Fuzzy Hash: 9E418CB3B407100BC7149F2EEC91A16F3D2FFD0624B9E427EE50597792E7B1B90449A4
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099(?,?,00000000,00000001), ref: 016E1152
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016E115C
                                                                                        • cvError.CXCORE099(000000FF,cvCheckArr,Inner function failed.,.\cxmathfuncs.cpp,000007A2), ref: 016E117B
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvCheckArr,CheckArray failed,.\cxmathfuncs.cpp,000007C1,?,?,?,?,?), ref: 016E1242
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvCheckArr,0174124F,.\cxmathfuncs.cpp,000007BB), ref: 016E126D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                         • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxmathfuncs.cpp$CheckArray failed$Inner function failed.$cvCheckArr
                                                                                        • API String ID: 483703942-3389742276
                                                                                        • Opcode ID: 328c6bf426182613ea84af84b9daa131674c2cf1318560960b0c76347d697943
                                                                                        • Instruction ID: 224e17b5d8f65ddb333678ab8aa4c00190a8d20f41d4907c67c2da39d3c538f0
                                                                                        • Opcode Fuzzy Hash: 328c6bf426182613ea84af84b9daa131674c2cf1318560960b0c76347d697943
                                                                                        • Instruction Fuzzy Hash: 2131A0F2B087016BDB14691DDC85E7BF3E5EB89620F440B6DF995D3380D372E88542A2
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0050E09D
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0050E0C5
                                                                                          • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                                          • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                                        • ??0CxImage@@QAE@PAEKK@Z.CXIMAGECRT(&<Q,?,00000000,?,?,?,&<Q), ref: 0050E12E
                                                                                        • ?Encode2RGBA@CxImage@@QAE_NAAPAEAAJ_N@Z.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E155
                                                                                        • ?GetHeight@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E160
                                                                                        • ?GetWidth@CxImage@@QBEKXZ.CXIMAGECRT(00000000,00000000,00000000,00000000,&<Q,?,00000000,?,?,?,&<Q), ref: 0050E16C
                                                                                        • ??3@YAXPAX@Z.MSVCR80(?,00000000,?,?,00000008,00000004,00000000,00000004,00000000,00000000,00000000,00000000,00000000,&<Q,?,00000000), ref: 0050E1B7
                                                                                        • ~_Mpunct.LIBCPMTD ref: 0050E1D3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeapImage@@$??3@Encode2Height@MpunctWidth@
                                                                                        • String ID: &<Q
                                                                                        • API String ID: 2867035028-2887711709
                                                                                        • Opcode ID: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
                                                                                        • Instruction ID: 4fa1d1e2ea6a526748637154a1db03ed3227427cf2602f353b57d12039db24cc
                                                                                        • Opcode Fuzzy Hash: fbbaa05d77a0a2c3aee7ba4de5523e50d8f2c9dc1e9e8a6a3e8fff9c4fd9968c
                                                                                        • Instruction Fuzzy Hash: 175137B1D00259AFDB14EF54CC46BEEBBB8AF54304F1082ADE519A7281DB746B84CF90
                                                                                        APIs
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0041987F
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004198BD
                                                                                        • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0000047D,00000046,0053E730,data\images\backgroundControl\background\,00000046,?,?,D8A7CFFC,?,0000047D,00000023,00000046), ref: 004198E0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                        • String ID: .png$0S$LS$`S$data\images\backgroundControl\background\$S
                                                                                        • API String ID: 1315443971-3997788365
                                                                                        • Opcode ID: 02809580c12525f98958325a7bfa43803c747b7b9b7e3c1d56384f9c16ba48a1
                                                                                        • Instruction ID: c255484564948487ca09c12a6e8e79ec8d091f34d803f33d82e763e2732db065
                                                                                        • Opcode Fuzzy Hash: 02809580c12525f98958325a7bfa43803c747b7b9b7e3c1d56384f9c16ba48a1
                                                                                        • Instruction Fuzzy Hash: B13114B1D11288EBDB08EF95D886BDEBBF4FB05308F10452EE4117B281DB741949CB99
                                                                                        APIs
                                                                                        • ??0_Lockit@std@@QAE@H@Z.MSVCP80(00000000,D8A7CFFC,?,00538D19,000000FF,?,005028F6,?,?,00000000,00000001), ref: 0050449A
                                                                                        • ??Bid@locale@std@@QAEIXZ.MSVCP80(?,005028F6,?,?,00000000), ref: 005044B4
                                                                                        • ?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z.MSVCP80(005028F6,?,005028F6,?,?,00000000), ref: 005044C4
                                                                                        • ??1_Lockit@std@@QAE@XZ.MSVCP80(00585C98,00585C98), ref: 00504548
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Lockit@std@@$??0_??1_Bid@locale@std@@Getfacet@locale@std@@Vfacet@12@
                                                                                        • String ID: bad cast
                                                                                        • API String ID: 2261832285-3145022300
                                                                                        • Opcode ID: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                                        • Instruction ID: daf008f5657916d2d0eedf94b6e793cb89aacae9b3ddac5973414a6306a2ac1a
                                                                                        • Opcode Fuzzy Hash: 923687adefb6f0c19f08b85b92506c3169178af31264b40b8c27a0d15710eb83
                                                                                        • Instruction Fuzzy Hash: CE31F7B5D04209DFDB18DFA4EC45AAEBBB4FB58310F10862AE922A33D0DB745945DF50
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000FE,icvXMLStartWriteStruct,An extra closing tag,.\cxpersistence.cpp,00000934), ref: 01724527
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvGetErrStatus.CXCORE099 ref: 01724548
                                                                                        • cvError.CXCORE099(000000FF,icvXMLStartWriteStruct,Inner function failed.,.\cxpersistence.cpp,00000936), ref: 01724567
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus
                                                                                        • String ID: .\cxpersistence.cpp$An extra closing tag$Inner function failed.$icvXMLStartWriteStruct
                                                                                        • API String ID: 1596131371-651475469
                                                                                        • Opcode ID: 3f9fec1c2ea8275af5e468369bbf650586322761ba292610c5cd41ac0409f56e
                                                                                        • Instruction ID: f397ac335810159548d7e9380b41e9ba532fa8ebcfe51314014c598e551031b5
                                                                                        • Opcode Fuzzy Hash: 3f9fec1c2ea8275af5e468369bbf650586322761ba292610c5cd41ac0409f56e
                                                                                        • Instruction Fuzzy Hash: BB1104B5A407016BD710FF2DDC52D57B3E4FF68614F804A5CF88953792E270F9418A96
                                                                                        APIs
                                                                                        • cvSet.CXCORE099(?,?,?,?,?,?,00000000), ref: 004026F7
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 00402755
                                                                                        • _CIsqrt.MSVCR80 ref: 004027F6
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 00402852
                                                                                        • cvSet2D.CXCORE099(?,?,?), ref: 004028DB
                                                                                        • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402925
                                                                                        • cvSet2D.CXCORE099(?,?,?), ref: 0040299E
                                                                                        • cvGEMM.CXCORE099(?,?,?,00000000,?,00000000), ref: 00402A4D
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 00402ADA
                                                                                        • cvLine.CXCORE099(?,?,?,?,?), ref: 00402B4D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Set2$IsqrtLine
                                                                                        • String ID:
                                                                                        • API String ID: 2296038289-0
                                                                                        • Opcode ID: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                                        • Instruction ID: 98af563dca7e08dae4733c818569099b16958337ef14baff457f1a71e3476642
                                                                                        • Opcode Fuzzy Hash: 5380ecd6c58ae11980828ad1f4b84ea6df1e54ba14efa23bf64b0481e8ed7457
                                                                                        • Instruction Fuzzy Hash: C8F16CB1A05601DFC305AF60D589A6ABFF0FF84740F614D88E4D5262A9E731D8B5CF86
                                                                                        APIs
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810
                                                                                          • Part of subcall function 004053A0: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405829), ref: 004053C2
                                                                                          • Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
                                                                                          • Part of subcall function 004055D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4
                                                                                          • Part of subcall function 004055D0: cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
                                                                                          • Part of subcall function 004055D0: cvSet.CXCORE099(?), ref: 00405662
                                                                                          • Part of subcall function 004055D0: _CIcos.MSVCR80 ref: 004056A5
                                                                                          • Part of subcall function 004055D0: _CIsin.MSVCR80 ref: 004056BA
                                                                                          • Part of subcall function 00405740: cvSet.CXCORE099(?,?,?,?,00000000,?,FFFFFFFE,?,00405847), ref: 00405762
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 0040586A
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 00405895
                                                                                        • cvReleaseMat.CXCORE099(?), ref: 004058A2
                                                                                        • cvReleaseMat.CXCORE099(?), ref: 004058AF
                                                                                        • cvReleaseMat.CXCORE099(?), ref: 004058BC
                                                                                        • cvReleaseMat.CXCORE099(?), ref: 004058C9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create$Release$IcosIsin
                                                                                        • String ID:
                                                                                        • API String ID: 2101255812-0
                                                                                        • Opcode ID: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
                                                                                        • Instruction ID: 0f02d04bed9878b01ec6eb7d24bee74ec2e50252446297c38aea4db588333580
                                                                                        • Opcode Fuzzy Hash: ca56298a2f5984f68f116382747911cee6aa4628ff14558b2bd9ab42edaa6797
                                                                                        • Instruction Fuzzy Hash: E5215CB0A05702ABD610FB649C4BB1BBBA0AFC4704F444D2CFA94662C1EA71D528CB97
                                                                                        APIs
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(D8A7CFFC,?,?,?,?,?,?,00530C89,000000FF), ref: 00488924
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488936
                                                                                        • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488941
                                                                                        • ?capacity@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 00488952
                                                                                        • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 0048895D
                                                                                        • ??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 0048897B
                                                                                        • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z.MSVCP80(?,?,?,?,?,00530C89,000000FF), ref: 00488998
                                                                                        • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,?,?,00530C89,000000FF), ref: 004889A8
                                                                                        • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,00000000,?,?,?,?,00530C89,000000FF), ref: 004889B7
                                                                                        • ?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z.MSVCP80(00000000,?,?,?,?,00530C89,000000FF), ref: 004889C6
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?append@?$basic_string@_V12@$?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@$??0?$basic_string@_??1?$basic_string@_?capacity@?$basic_string@_V12@@
                                                                                        • String ID:
                                                                                        • API String ID: 2582929383-0
                                                                                        • Opcode ID: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                                        • Instruction ID: cf8cf326054b3b9829f24e0287d30cae8bbcd3a7b8d77b238681494193127ac1
                                                                                        • Opcode Fuzzy Hash: 99d232171a17d203477813e664fcae17ef49d5089341ea70655ec06df161d3e9
                                                                                        • Instruction Fuzzy Hash: 62316F75900118EFDB04EF64D844AADBBB6FF98350F00852AF91697390DB349D45CF84
                                                                                        APIs
                                                                                        • cvCvtColor.CV099(?,?,00000007), ref: 0040147C
                                                                                        • cvError.CXCORE099(000000FB,cvCylInitModel,Invalid input frame.,.\src\cyltracker.cpp,00000126), ref: 00401675
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ColorError
                                                                                        • String ID: .\src\cyltracker.cpp$Invalid input frame.$Invalid model parameters were specified.$Null pointer to tracker context.$cvCylInitModel
                                                                                        • API String ID: 4088650746-2904168572
                                                                                        • Opcode ID: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
                                                                                        • Instruction ID: 1c253823393e59d8f389e9ec3cb6c3af1bef9396372c058acdeb4534553bb085
                                                                                        • Opcode Fuzzy Hash: 839d2cbad712c6fb12a95abb139124923537f8022364e14e69f8706239253386
                                                                                        • Instruction Fuzzy Hash: 0D81E5B2F04202ABC7027E50D9457DA7BA4FB80794F214E99E9DA711F5F33588718EC9
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: fseek$ftell
                                                                                        • String ID: zS
                                                                                        • API String ID: 1687442226-3280143790
                                                                                        • Opcode ID: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
                                                                                        • Instruction ID: d51d2314559d3de73f7ebb59d383f0640d42414dd441d265d43309b2b2205bb6
                                                                                        • Opcode Fuzzy Hash: e640e00341aeb39dc5ad3ada3b11ef7366c8acaf58e60699a3a6dc06e33046a1
                                                                                        • Instruction Fuzzy Hash: 409126B1E00249ABDB04DFD4DC92BFFBB71BF44300F10455AE611AB291DB796901CB99
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D02
                                                                                        • Concurrency::cancellation_token_source::~cancellation_token_source.LIBCPMTD ref: 004D1D45
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        • CPlayList::ActivatePlayList (%s), xrefs: 004D1C12
                                                                                        • Couldn't activate item., xrefs: 004D1E4F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Concurrency::cancellation_token_source::~cancellation_token_sourceclock$AllocatorDebugHeap
                                                                                        • String ID: CPlayList::ActivatePlayList (%s)$Couldn't activate item.
                                                                                        • API String ID: 666216686-3135489573
                                                                                        • Opcode ID: 86a6ea1d549f1e14cb2df91f30b70f8bdc6fa07100872fae78ce2dc3a5dbc7fd
                                                                                        • Instruction ID: e5225bd3be3d0e3e30ba9f0653f38cf39164d32131126bfff1481db119ea4a1f
                                                                                        • Opcode Fuzzy Hash: 86a6ea1d549f1e14cb2df91f30b70f8bdc6fa07100872fae78ce2dc3a5dbc7fd
                                                                                        • Instruction Fuzzy Hash: 02A1E770D00208DFDB14DFA9C995BEDBBB1BF09318F20815EE4196B392DB786A45CB94
                                                                                        APIs
                                                                                        • CoTaskMemFree.OLE32(00000000,00000000), ref: 004B2816
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B280A
                                                                                          • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B284D
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B287B
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B2926
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B2938
                                                                                        Strings
                                                                                        • ConnectionMediaType:, xrefs: 004B29CD
                                                                                        • - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s), xrefs: 004B29AF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$FreeTask
                                                                                        • String ID: - PIN Id=%s Name=%s Dir=%s ConnectedTo=%s (%s)$ConnectionMediaType:
                                                                                        • API String ID: 2977454536-3767152877
                                                                                        • Opcode ID: 7365bd653b06ff7014c07b105e705209bc8ea7cbefe77dba3365ebff6c9963ec
                                                                                        • Instruction ID: 9de56078743278097fdae2ef512013b449c6826a7b1472736913757348bad0bc
                                                                                        • Opcode Fuzzy Hash: 7365bd653b06ff7014c07b105e705209bc8ea7cbefe77dba3365ebff6c9963ec
                                                                                        • Instruction Fuzzy Hash: 77A114719041189FCB29EB65CD84BDEB7B4AF49304F5081DAE00AA7291DB746F88CFA4
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: memcpymemset
                                                                                        • String ID: .\cxdxt.cpp$OpenCV function failed$cvDFT
                                                                                        • API String ID: 1297977491-919547944
                                                                                        • Opcode ID: bdf718befe001b862e6c5ac0e91f41e5bb0c8a7c781532739a47f3f5273c6963
                                                                                        • Instruction ID: 3566acdb28d2e7044d96fde510fc620b838fe3c22d5890dbac567c9a7f9e61b4
                                                                                        • Opcode Fuzzy Hash: bdf718befe001b862e6c5ac0e91f41e5bb0c8a7c781532739a47f3f5273c6963
                                                                                        • Instruction Fuzzy Hash: D7714A71E00249DBDF28CF58DD80AAE77B9BB98344F15812AF91A97610E731ED41CB90
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B91FE
                                                                                          • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B921B
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B9286
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B9292
                                                                                        • Concurrency::details::_CriticalNonReentrantLock::_Scoped_lock::_Scoped_lock.LIBCMTD ref: 004B9346
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004B937C
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$Concurrency::details::_CriticalLock::_ReentrantScoped_lockScoped_lock::_clock
                                                                                        • String ID: CManyCamGraphMgr::AddFileInput$FILE%d
                                                                                        • API String ID: 2060279746-2550898069
                                                                                        • Opcode ID: 554f504c3c04030db831f41dac86bb6fd15d60918f1d20abac47e38e3ad480d2
                                                                                        • Instruction ID: f87271521a58759e14b5fc00be8376ac9ef0cf63084c1a11c79c4c9345c79b8d
                                                                                        • Opcode Fuzzy Hash: 554f504c3c04030db831f41dac86bb6fd15d60918f1d20abac47e38e3ad480d2
                                                                                        • Instruction Fuzzy Hash: 97616D70901248EFCB04EF95C995BDEBBB4BF14308F10856EF4166B2D2DB786A09CB95
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099(?,00000000,00000000,00000000), ref: 016A018C
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016A0196
                                                                                        • cvError.CXCORE099(000000FF,cvGetRect,Inner function failed.,.\cxarray.cpp,000005C2), ref: 016A01B5
                                                                                        • cvError.CXCORE099(000000E5,cvGetRect,0174124F,.\cxarray.cpp,000005C5), ref: 016A01E3
                                                                                        • cvError.CXCORE099(FFFFFF37,cvGetRect,0174124F,.\cxarray.cpp,000005CC), ref: 016A02CD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxarray.cpp$Inner function failed.$cvGetRect
                                                                                        • API String ID: 483703942-2902011022
                                                                                        • Opcode ID: 9fd6b0318430a6c4fddcb788aa9dc3a2d99aa95fd12ea4d262cd720dfce8c482
                                                                                        • Instruction ID: 35e8878019a56617537ecf7f4b57e3c21ec9c421b0f28eea29c6867f7027d4f9
                                                                                        • Opcode Fuzzy Hash: 9fd6b0318430a6c4fddcb788aa9dc3a2d99aa95fd12ea4d262cd720dfce8c482
                                                                                        • Instruction Fuzzy Hash: F1418DB3B417001FC704DE19DC92F66B3A2EBD0616F89836DF65197386E370B9008A95
                                                                                        APIs
                                                                                        • cvGetMat.CXCORE099(?,00000000,00000000,00000000), ref: 016A047C
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016A0486
                                                                                        • cvError.CXCORE099(000000FF,cvGetCols,Inner function failed.,.\cxarray.cpp,00000630), ref: 016A04A5
                                                                                        • cvError.CXCORE099(000000E5,cvGetCols,0174124F,.\cxarray.cpp,00000633), ref: 016A04D3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxarray.cpp$Inner function failed.$cvGetCols
                                                                                        • API String ID: 483703942-1345786062
                                                                                        • Opcode ID: 5e1ac430fd6e471597a631838092ffc6e7dd83168374bbaadc7f9eebbf4a0d58
                                                                                        • Instruction ID: b230a91294ee2997e135038ddffb10ea25290f874148487d25f78173ed140a45
                                                                                        • Opcode Fuzzy Hash: 5e1ac430fd6e471597a631838092ffc6e7dd83168374bbaadc7f9eebbf4a0d58
                                                                                        • Instruction Fuzzy Hash: D63169B3F007004BC714EF1DEC51A65B3D5FB90620F99836EE90597792E3B1BA448A95
                                                                                        APIs
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055E2
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,FFFFFFFE,?,?,?,00405837,?), ref: 004055F4
                                                                                          • Part of subcall function 00405430: cvSet.CXCORE099(?,?,?,?,?,?,?,00000000,?,?,00405609,00000000,?,?,?,?), ref: 00405455
                                                                                          • Part of subcall function 00405430: _CIcos.MSVCR80 ref: 004054AB
                                                                                          • Part of subcall function 00405430: _CIsin.MSVCR80 ref: 004054C0
                                                                                          • Part of subcall function 00405430: _CIcos.MSVCR80 ref: 00405513
                                                                                          • Part of subcall function 00405430: _CIsin.MSVCR80 ref: 00405528
                                                                                        • cvGEMM.CXCORE099(?,?,?,?,?,?,?,?,?,?,?,?,?,FFFFFFFE), ref: 00405639
                                                                                        • cvSet.CXCORE099(?), ref: 00405662
                                                                                        • _CIcos.MSVCR80 ref: 004056A5
                                                                                        • _CIsin.MSVCR80 ref: 004056BA
                                                                                        • cvGEMM.CXCORE099(?,?), ref: 00405714
                                                                                        • cvReleaseMat.CXCORE099(?), ref: 00405721
                                                                                        • cvReleaseMat.CXCORE099(?), ref: 0040572E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: IcosIsin$CreateRelease
                                                                                        • String ID:
                                                                                        • API String ID: 2556766011-0
                                                                                        • Opcode ID: 19b278f26bd2affd4bf5088c6fcf34e39657aa1821ccb0a828da2a4a6fc568fd
                                                                                        • Instruction ID: f31050a243995d0c5443df83b4ae895e9b552899debfb7c8d2f859130b8e0e61
                                                                                        • Opcode Fuzzy Hash: 19b278f26bd2affd4bf5088c6fcf34e39657aa1821ccb0a828da2a4a6fc568fd
                                                                                        • Instruction Fuzzy Hash: 8F416AB0A05701DBD310EF24E98AA1ABBB0FF84704F814D98F5D557296DB31E839CB96
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Delete
                                                                                        • String ID:
                                                                                        • API String ID: 1035893169-0
                                                                                        • Opcode ID: 027381e0a8d9cc06f36ac8957b2692d02a27fb112fce139c5847b74b9e663b06
                                                                                        • Instruction ID: 84041e226b1c2fd87843b1158a64503d8b67fa0500779cb20a2bc36cc8881071
                                                                                        • Opcode Fuzzy Hash: 027381e0a8d9cc06f36ac8957b2692d02a27fb112fce139c5847b74b9e663b06
                                                                                        • Instruction Fuzzy Hash: 8D512FB0914209ABEB04EFA4CD56FEEBB74AF14314F20412AF511772D1DB786E44CB69
                                                                                        APIs
                                                                                          • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
                                                                                          • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
                                                                                          • Part of subcall function 00402BB0: cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
                                                                                          • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
                                                                                          • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
                                                                                          • Part of subcall function 00402BB0: cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22
                                                                                        • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,0040120F), ref: 00403198
                                                                                        • cvCreateImage.CXCORE099(?,?,80000010,00000001,?,00000000,?,0040120F), ref: 004031AF
                                                                                        • cvCreateImage.CXCORE099(?,?,80000010,00000001,?,?,?,?,?,00000000,?,0040120F), ref: 004031C7
                                                                                        • cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 0040321A
                                                                                        • cvReleaseImage.CXCORE099(00000004,?,00000000,?,0040120F), ref: 0040322C
                                                                                        • cvReleaseImage.CXCORE099(-00000008,?,00000000,?,0040120F), ref: 0040323D
                                                                                        • cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403253
                                                                                        • cvReleaseImage.CXCORE099(00000000,?,00000000,?,0040120F), ref: 00403265
                                                                                        • cvReleaseImage.CXCORE099(?,?,00000000,?,0040120F), ref: 00403276
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image$Release$Create
                                                                                        • String ID:
                                                                                        • API String ID: 810653722-0
                                                                                        • Opcode ID: 1d98beb3a53aab4c12813adeeefc3e19331db0e6fab2847f039cf9fe8a11b982
                                                                                        • Instruction ID: 1a79d18011980f8bb9dda7d5d5bd7389d244d0d6aefedc31b6f3b3b2419f781a
                                                                                        • Opcode Fuzzy Hash: 1d98beb3a53aab4c12813adeeefc3e19331db0e6fab2847f039cf9fe8a11b982
                                                                                        • Instruction Fuzzy Hash: 0031FAB5901202ABEB109E24DC45B57BB9CFF55302F08447AE904A33C1F379FA59C6A6
                                                                                        APIs
                                                                                        • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,D8A7CFFC,D8A7CFFC,?,?,00488794,D8A7CFFC,0049A100,0049A100), ref: 004887D9
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(D8A7CFFC,?,?,00488794,D8A7CFFC,0049A100,0049A100), ref: 004887E7
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488794,D8A7CFFC,0049A100,0049A100), ref: 004887F5
                                                                                        • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(?,00488794,D8A7CFFC,0049A100,0049A100), ref: 00488800
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488794,D8A7CFFC,0049A100,0049A100), ref: 00488819
                                                                                        • ?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z.MSVCP80(?,00000000,?,?,00488794,D8A7CFFC,0049A100,0049A100), ref: 0048882E
                                                                                        • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488794,D8A7CFFC,0049A100,0049A100), ref: 0048884B
                                                                                        • ??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ.MSVCP80(?,?,00488794,D8A7CFFC,0049A100,0049A100), ref: 0048885B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$V12@$??1?$basic_string@_??4?$basic_string@_?erase@?$basic_string@_?size@?$basic_string@?substr@?$basic_string@_D@2@@std@@D@std@@U?$char_traits@V01@V01@@V?$allocator@
                                                                                        • String ID:
                                                                                        • API String ID: 731949045-0
                                                                                        • Opcode ID: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
                                                                                        • Instruction ID: 4406f9edcf3e418624fedf0353d0674b6ffa21746b1b988d8d39eeb2d4d24482
                                                                                        • Opcode Fuzzy Hash: 2f69720e727eced4ed2275371a078fe7476b196afe62a487cd70bae6314d5383
                                                                                        • Instruction Fuzzy Hash: 5C314D31900108EFDB04EF59E898A9DBBB6FB98350F40C52AF91A973A0DB30A944DF54
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • _Smanip.LIBCPMTD ref: 004B152C
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: clock$AllocatorDebugHeapSmanip
                                                                                        • String ID: CGraphMgr::AdjustCameraResolution (size=%dx%d)$vids
                                                                                        • API String ID: 3240802707-243107872
                                                                                        • Opcode ID: 0b9f26486d5ca748ff65b87eaf69692d820365cf5d3d260ad1582382175653d3
                                                                                        • Instruction ID: a989dfa4e85d0b56287cfe2e867778c486b3f31bfd173d30f9afd811cc483807
                                                                                        • Opcode Fuzzy Hash: 0b9f26486d5ca748ff65b87eaf69692d820365cf5d3d260ad1582382175653d3
                                                                                        • Instruction Fuzzy Hash: D7021671900218DFCB14DF69C991BEEBBB0BF48304F50819EE519A7291DB34AE85CFA5
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • CreateEventW.KERNEL32(00000000,00000000,00000000,00000000,?,?,D8A7CFFC), ref: 004C928B
                                                                                        • CloseHandle.KERNEL32(?,?,?,?,?,D8A7CFFC), ref: 004C93D8
                                                                                        • cvReleaseImage.CXCORE099(00000000,?,?,?,?,D8A7CFFC), ref: 004C93E8
                                                                                        Strings
                                                                                        • CManyCamModel::GetPosterFrame, xrefs: 004C923F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorCloseCreateDebugEventHandleHeapImageReleaseclock
                                                                                        • String ID: CManyCamModel::GetPosterFrame
                                                                                        • API String ID: 3295495820-604892226
                                                                                        • Opcode ID: 0fb0d1f75a3f7064816a10a7a659a458f82e48bfb0f7d40fede8694d07b98b13
                                                                                        • Instruction ID: b7f4d3075c697768d86108b177f770b28cc6e89c2576a85e707f138266713341
                                                                                        • Opcode Fuzzy Hash: 0fb0d1f75a3f7064816a10a7a659a458f82e48bfb0f7d40fede8694d07b98b13
                                                                                        • Instruction Fuzzy Hash: 81717C70D01208DFDB04EFE4C895BEEBBB4BF58304F20815DE505AB291DB786A45CBA5
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvInitMatHeader,0174124F,.\cxarray.cpp,000000B0,?,0169E385,?,?,?,?,?,?,?,?,?), ref: 0169D0AF
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(000000F1,cvInitMatHeader,0174124F,.\cxarray.cpp,000000B3,?,0169E385,?,?,?,?,?,?,?,?,?), ref: 0169D0DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxarray.cpp$Non-positive cols or rows$cvInitMatHeader
                                                                                        • API String ID: 483703942-2660223677
                                                                                        • Opcode ID: 13721ec414e3a95955f5914e5d0a3a07fd1374cb627eac6cd460a1074ed6bf0c
                                                                                        • Instruction ID: 8a95cb0bb72dc7653417d390662770f4e9181fd38449aa5dce9dfd2f61bef290
                                                                                        • Opcode Fuzzy Hash: 13721ec414e3a95955f5914e5d0a3a07fd1374cb627eac6cd460a1074ed6bf0c
                                                                                        • Instruction Fuzzy Hash: 213147F3B4431113CF28AE5DFC62B2AB2D6A7D0A61F18423EF556E7780C760B8824395
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeapmemset
                                                                                        • String ID:
                                                                                        • API String ID: 622753528-0
                                                                                        • Opcode ID: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
                                                                                        • Instruction ID: 15c03739bf2cff661cf5d104c6130bcee5a7d3e6e4c58e74d1621743953f5b5e
                                                                                        • Opcode Fuzzy Hash: 2c09cb3bd4d98cd5ac2316cddb9aa19e67c7f66a0578b6bf1a6e020fd8d26f0b
                                                                                        • Instruction Fuzzy Hash: 81F17A719022199BDB28EB10CD9ABEEBBB4BF54304F1085E9E40A671D1DB745F88CF91
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                          • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA07
                                                                                          • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA16
                                                                                          • Part of subcall function 004DA970: _DebugHeapAllocator.LIBCPMTD ref: 004DAA37
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap
                                                                                        • String ID: |LV$ZP
                                                                                        • API String ID: 571936431-1538846667
                                                                                        • Opcode ID: 8217c67bd42f6a567db927a5321e70c2cba3473b1a658e23f040ac260a6cc460
                                                                                        • Instruction ID: 978cc442b74b90625ce9c3af39009df7ee77075ce9d9cefa9296828956acecd6
                                                                                        • Opcode Fuzzy Hash: 8217c67bd42f6a567db927a5321e70c2cba3473b1a658e23f040ac260a6cc460
                                                                                        • Instruction Fuzzy Hash: 27410AB1D05248EFCB04DFA8D991BDEBBF5BB48304F10815EF815A7281D778AA04CBA5
                                                                                        APIs
                                                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 00482602
                                                                                        • GetWindowsDirectoryW.KERNEL32(00000000,00000104,00000104,?,0049A100,D8A7CFFC,?), ref: 00482644
                                                                                        • LoadLibraryW.KERNEL32(00000000,\winhlp32.exe,000000FF,?,0049A100,D8A7CFFC,?), ref: 0048266A
                                                                                        • LoadCursorW.USER32(00000000,0000006A), ref: 0048267F
                                                                                        • CopyIcon.USER32(?), ref: 00482692
                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 004826A5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Load$CursorLibrary$CopyDirectoryFreeIconWindows
                                                                                        • String ID: \winhlp32.exe
                                                                                        • API String ID: 501009500-695620452
                                                                                        • Opcode ID: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                                        • Instruction ID: ec6d5bdbcb5f979a409084d156352cb5eef125df936233655878cf5ad0338882
                                                                                        • Opcode Fuzzy Hash: 72d25b9e93f0e45ffb332d077584a673b3d5e48780a8d95c32651a89c6593934
                                                                                        • Instruction Fuzzy Hash: 0D313A71D00208AFDB04EFA4E959BEDBBB5FB18314F50462AF916A72D0DB786948CB14
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvGraphRemoveVtx,0174124F,.\cxdatastructs.cpp,00000BB3), ref: 016C9103
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvGetSeqElem.CXCORE099(?,?), ref: 016C9117
                                                                                        • cvError.CXCORE099(000000FB,cvGraphRemoveVtx,The vertex is not found,.\cxdatastructs.cpp,00000BB7), ref: 016C9140
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$ElemStatus
                                                                                        • String ID: .\cxdatastructs.cpp$The vertex is not found$cvGraphRemoveVtx
                                                                                        • API String ID: 3073403934-3562999182
                                                                                        • Opcode ID: c57f38982e2b55e09e9fa24a8ef04cd43387ac6e3565436b8532f11cd0567ab5
                                                                                        • Instruction ID: e0b2bc7545743583c3b6961fa2c40bdd38328904c98e9f180bc2166b3920ba8e
                                                                                        • Opcode Fuzzy Hash: c57f38982e2b55e09e9fa24a8ef04cd43387ac6e3565436b8532f11cd0567ab5
                                                                                        • Instruction Fuzzy Hash: 2411E4737403119FCB10DA1EEC91A26B7E5EFC1B29B19426CFE15CB792C770E84286A0
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvEndWriteSeq,0174124F,.\cxdatastructs.cpp,00000401), ref: 016C45B2
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvFlushSeqWriter.CXCORE099(?), ref: 016C45C0
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016C45C8
                                                                                        • cvError.CXCORE099(000000FF,cvEndWriteSeq,Inner function failed.,.\cxdatastructs.cpp,00000403), ref: 016C45E7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus$FlushWriter
                                                                                        • String ID: .\cxdatastructs.cpp$Inner function failed.$cvEndWriteSeq
                                                                                        • API String ID: 1314510593-1203831791
                                                                                        • Opcode ID: 2898df2bb8376ed0bdcceb97337c4c28754c2bbce48d33e2ec3029b2f551cb67
                                                                                        • Instruction ID: 162ee6334bfc11a863a5cb08af2998fd733e1e6b48ba1b775cad81377ec00f3f
                                                                                        • Opcode Fuzzy Hash: 2898df2bb8376ed0bdcceb97337c4c28754c2bbce48d33e2ec3029b2f551cb67
                                                                                        • Instruction Fuzzy Hash: 9F1106F2B002126B8610EB1EFDA0C15BB91FBD4A22706436DF62997392D720E4808A64
                                                                                        APIs
                                                                                        • cvMemStorageAlloc.CXCORE099(?,?), ref: 016C759A
                                                                                        • cvGetErrStatus.CXCORE099 ref: 016C75A4
                                                                                        • cvError.CXCORE099(000000FF,cvMemStorageAllocString,Inner function failed.,.\cxdatastructs.cpp,000001AD), ref: 016C75C3
                                                                                        • memcpy.MSVCR80(00000000,?,?), ref: 016C75D6
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocErrorStatusStoragememcpy
                                                                                        • String ID: .\cxdatastructs.cpp$Inner function failed.$cvMemStorageAllocString
                                                                                        • API String ID: 672187814-599128953
                                                                                        • Opcode ID: e0aa9b00080f510bd5f3c48f24c04c57061050b3d42cf174a992f2cb8bc3321f
                                                                                        • Instruction ID: 3d1dff1905e0418b757de8198bf785cb97ffeba2a2e38ebab64a950d45e78205
                                                                                        • Opcode Fuzzy Hash: e0aa9b00080f510bd5f3c48f24c04c57061050b3d42cf174a992f2cb8bc3321f
                                                                                        • Instruction Fuzzy Hash: DBF0F4B3B4036227C6009A6DAC50EA7F7CACFE59A5F18497EF944D7302EB21D80543E1
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000F7,cvReleaseSparseMat,0174124F,.\cxarray.cpp,000002C2), ref: 0169D48E
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvReleaseMemStorage.CXCORE099(?), ref: 0169D4BB
                                                                                        • cvFree_.CXCORE099(?,?), ref: 0169D4C4
                                                                                        • cvFree_.CXCORE099(?,?,?,?,?), ref: 0169D4D1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Free_$ErrorReleaseStatusStorage
                                                                                        • String ID: .\cxarray.cpp$cvReleaseSparseMat
                                                                                        • API String ID: 3484121471-266544567
                                                                                        • Opcode ID: d58a3094fa9c0d6e582df108b5812d871ad00ac30e22e4702a587f53da3eea07
                                                                                        • Instruction ID: bf2ed6010d6e4a23002e96ded79dcd5ca153418bef29e84491bb654d8a4e4c84
                                                                                        • Opcode Fuzzy Hash: d58a3094fa9c0d6e582df108b5812d871ad00ac30e22e4702a587f53da3eea07
                                                                                        • Instruction Fuzzy Hash: 4FF022B2B4131037DF207B6CEC62F56B2AE5F50E24F50425CF001AB789C7B0B89442A9
                                                                                        APIs
                                                                                        • cvCopy.CXCORE099(?,?,00000000,?,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404309
                                                                                        • cvInvert.CXCORE099(?,?,00000000,?,?,FFFFFFFE,?,?,?,?,00401620), ref: 00404321
                                                                                        • cvGEMM.CXCORE099(?,?,?,?,?,00000000,?,?,?,?,?,FFFFFFFE), ref: 0040436B
                                                                                          • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 004035F7
                                                                                          • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,FFFFFFFE), ref: 00403603
                                                                                          • Part of subcall function 00403550: cvResetImageROI.CXCORE099(?,?,FFFFFFFE), ref: 0040360F
                                                                                          • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 00403636
                                                                                          • Part of subcall function 00403550: cvSet.CXCORE099(?), ref: 0040365D
                                                                                        • cvSetImageROI.CXCORE099(?), ref: 004043B7
                                                                                        • cvSetImageROI.CXCORE099(?), ref: 004043D9
                                                                                        • cvCopy.CXCORE099(?,?,00000000), ref: 004043E5
                                                                                        • cvResetImageROI.CXCORE099(?), ref: 004043EE
                                                                                        • cvResetImageROI.CXCORE099(?), ref: 004043F7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image$Reset$Copy$Invert
                                                                                        • String ID:
                                                                                        • API String ID: 2642547888-0
                                                                                        • Opcode ID: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                                        • Instruction ID: 4832167a604e7eee410914a1b349f3b52c2c1ab0660e6587da0ebae9eec7833f
                                                                                        • Opcode Fuzzy Hash: e93eb0512fcc8a041c5aa665e6f27bd66d5727e802e950380074bd07c4e28349
                                                                                        • Instruction Fuzzy Hash: 5B3153F4A007009FC314EF14D886F57BBE4AF89710F04896DE98A57381D635E9158BA6
                                                                                        APIs
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000118,?), ref: 00402ED9
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000114), ref: 00402EEB
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000011C), ref: 00402EFD
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000120), ref: 00402F0F
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000124), ref: 00402F21
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000128), ref: 00402F33
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000012C), ref: 00402F45
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000130), ref: 00402F57
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000134), ref: 00402F69
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000100), ref: 00402F77
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000104), ref: 00402F89
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000110), ref: 00402F9B
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000108), ref: 00402FAD
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000010C), ref: 00402FBF
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(00000138), ref: 00402FD1
                                                                                          • Part of subcall function 00402EC0: cvReleaseMat.CXCORE099(0000013C), ref: 00402FE3
                                                                                        • cvReleaseImage.CXCORE099(?,?,?,004012A0,?), ref: 00401313
                                                                                        • cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401325
                                                                                        • cvReleaseImage.CXCORE099(00000000,?,?,004012A0,?), ref: 00401337
                                                                                        • cvReleaseImage.CXCORE099(-000000A8,?,?,004012A0,?), ref: 00401347
                                                                                        • cvReleaseImage.CXCORE099(?,-000000A8,?,?,004012A0,?), ref: 00401355
                                                                                        • cvReleaseMat.CXCORE099(00000000,004012A0,?), ref: 0040136E
                                                                                        • cvReleaseImage.CXCORE099(?,004012A0,?), ref: 0040137C
                                                                                        • ??3@YAXPAX@Z.MSVCR80(?,004012A0,?), ref: 00401387
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Release$Image$??3@
                                                                                        • String ID:
                                                                                        • API String ID: 4199280203-0
                                                                                        • Opcode ID: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
                                                                                        • Instruction ID: 9a6bf2f685f8ffb5b2492dd8c0792c90c05741bbbc79e9eb21885bcc9159b9e2
                                                                                        • Opcode Fuzzy Hash: ce4da6eb0e3a7f94bb66be05ad3657c3e2c6a0438bd0ebaefe0091d5ba8a80e6
                                                                                        • Instruction Fuzzy Hash: 8F11E9F580021297FB20AB14E84AB5BB7A8EF41700F58443AE845636D0F73DF9A5C797
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000,00000000), ref: 004C2804
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004C2818
                                                                                        • _CxxThrowException.MSVCR80(d&L,0057CBF8), ref: 004C2826
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(d&L,0057CBF8,?,?,?,00000000,00534159,000000FF,?,004C2664,?,00000001,00000000,004BCB55,00000001,00000000), ref: 004C2835
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: d&L$map/set<T> too long
                                                                                        • API String ID: 3248949544-2396053701
                                                                                        • Opcode ID: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                                        • Instruction ID: 0421590c6fc88a653ea049570befb3043dc480636a3316981a528d684021d55e
                                                                                        • Opcode Fuzzy Hash: 9e2109b489b36a333a9366bcbadb2707d019cd34c0dca1b399f2e05f1bc863c7
                                                                                        • Instruction Fuzzy Hash: 8DD11B74A002459FCB04FFA9C991EAF7776AF89304B20456EF4159B356CB78AC05CBB8
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000,00000000), ref: 004D4DC4
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004D4DD8
                                                                                        • _CxxThrowException.MSVCR80($LM,0057CBF8), ref: 004D4DE6
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80($LM,0057CBF8,?,?,?,00000000,00535759,000000FF,?,004D4C24,?,00000001,00000000,?,00000001,00000000), ref: 004D4DF5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: $LM$map/set<T> too long
                                                                                        • API String ID: 3248949544-3238143215
                                                                                        • Opcode ID: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                                        • Instruction ID: a07927191520cae1e6be455f76438f534ad6819f987c116f95f500b89d554bea
                                                                                        • Opcode Fuzzy Hash: b3a5ef0cd3d0604de93e7cfc4f998ecbca4839092f53841d330d18dc272e40e7
                                                                                        • Instruction Fuzzy Hash: A9D10B71A142159FCB04EFE5E8A1E6F7776AFC9304B50455FF0129B359DA38AC02CBA8
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 004AAC1D
                                                                                        • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004AAC4F
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        • Inserting effect %s to stack at position %d., xrefs: 004AACE1
                                                                                        • CVideoProcessor::InsertEffectToStack, xrefs: 004AAB4B
                                                                                        • Inserting effect %s\%s\%s to stack at position %d., xrefs: 004AAC73
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: clock$AllocatorBase::Concurrency::details::Concurrency::task_options::get_schedulerDebugHeapPolicyScheduler
                                                                                        • String ID: CVideoProcessor::InsertEffectToStack$Inserting effect %s to stack at position %d.$Inserting effect %s\%s\%s to stack at position %d.
                                                                                        • API String ID: 1896687067-3121683814
                                                                                        • Opcode ID: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                                        • Instruction ID: 105fcc333d0e6ff14583993c1dd746094cb4f3fab98b4d368d8a839d86cc259d
                                                                                        • Opcode Fuzzy Hash: 2f379fbdc71ef8fe106dd6932f9e4df42c7bfac42d585d9b32fea62b007a0ea8
                                                                                        • Instruction Fuzzy Hash: 56B12B70900208EFCB14DFA8C891BDEBBB5BF59314F10825EE419AB391DB74AE45CB95
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004F68AB
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004F68DB
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004F6903
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004F692B
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                        • ??0CxImage@@QAE@K@Z.CXIMAGECRT(00000000,000000FF,?,?,?,?,?,?,?,?,?,00000000,?,00000001,D8A7CFFC), ref: 004F696D
                                                                                          • Part of subcall function 004CB5F0: SHGetSpecialFolderPathW.SHELL32(00000000,?,?,00000000), ref: 004CB626
                                                                                          • Part of subcall function 004CB5F0: _wmkdir.MSVCR80 ref: 004CB633
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                          • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                        Strings
                                                                                        • \ManyCam\BackgroundEffect, xrefs: 004F69A8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$FileFindFirstFolderImage@@PathSpecial_wmkdir
                                                                                        • String ID: \ManyCam\BackgroundEffect
                                                                                        • API String ID: 711174743-980167294
                                                                                        • Opcode ID: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                                        • Instruction ID: 1d1004133df218b0561d43129003d36592f772ef424460559cb02d2d1cb950c8
                                                                                        • Opcode Fuzzy Hash: be2178804a92c928cd2aed66c8cbe30649dd095b03b0f11a4b1ac172dfbbafa9
                                                                                        • Instruction Fuzzy Hash: 5E8189B0901258DEDB14EF64DC41BDEBBB6AB94308F0081DEE449A3281DB795B98CF95
                                                                                        APIs
                                                                                        • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00513D55
                                                                                        • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00513D92
                                                                                        • cvCreateImage.CXCORE099(?,?,00000008,00000004), ref: 00513E4E
                                                                                        • cvResize.CV099(00000000,00000000,00000001), ref: 00513E63
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerCreateImagePolicyResizeScheduler
                                                                                        • String ID: Avatars$Objects
                                                                                        • API String ID: 2992923878-1969768225
                                                                                        • Opcode ID: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
                                                                                        • Instruction ID: 11ef104c15373c8e9f941a2410d1520fa6931b44404b7003273920e72e9da790
                                                                                        • Opcode Fuzzy Hash: 88d80d9e5b1925a2c6919934a6c20aa7d629ba449a3cc0373393a8c87a9d5497
                                                                                        • Instruction Fuzzy Hash: 385189B1D00209DBDF04DFA5E8A66EEBFB5FF48300F10816AE455BB294DB355A58CB81
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: IcosIsin
                                                                                        • String ID:
                                                                                        • API String ID: 14690888-0
                                                                                        • Opcode ID: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
                                                                                        • Instruction ID: f55afc7f36c79dbe8a91edad75af3db0966c0985aa664003f4d56b1ff0a10eb2
                                                                                        • Opcode Fuzzy Hash: 276f5b0b340e471206aa856c43127869a290fb93fcdf002dd0d7d5e66133fcaa
                                                                                        • Instruction Fuzzy Hash: A351AF34609602DFC324DF14E68982ABBB0FF84700B918D88E4E5676A9D731E879CA56
                                                                                        APIs
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004A945B
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • Part of subcall function 004164A0: FindFirstFileW.KERNEL32(00000000,00000104,000000D8,00000104,00000000), ref: 004164F5
                                                                                        • wcscmp.MSVCR80 ref: 004A948B
                                                                                        • wcscmp.MSVCR80 ref: 004A94A4
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004A94F6
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004A9508
                                                                                        • wcslen.MSVCR80 ref: 004A9514
                                                                                        • wcslen.MSVCR80 ref: 004A957A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$wcscmpwcslen$FileFindFirst
                                                                                        • String ID:
                                                                                        • API String ID: 1577558999-0
                                                                                        • Opcode ID: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
                                                                                        • Instruction ID: f16ea4ad88e480f90c3d3a557b52af9eaab9dd6428fdd0c1f69d551c8bda1375
                                                                                        • Opcode Fuzzy Hash: 0cb7d27af655883c31428af5e0bb9fad3cc48976a5dbef61661fdd01497b3954
                                                                                        • Instruction Fuzzy Hash: 5E5120B19041189BCB24EB65DD91BEDB774BF14308F0085EE960A62281EF34AF88CF5C
                                                                                        APIs
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvSet2D,index is out of range,.\cxarray.cpp,000009EE), ref: 016A125F
                                                                                        • cvPtr2D.CXCORE099(?,?,?,00000000), ref: 016A12AD
                                                                                        • cvScalarToRawData.CXCORE099(?,00000000,?,00000000), ref: 016A12C2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: DataErrorPtr2Scalar
                                                                                        • String ID: .\cxarray.cpp$cvSet2D$index is out of range
                                                                                        • API String ID: 3017369907-2746843581
                                                                                        • Opcode ID: 27b033d3fe152e61246da60f82342c3aa8ef2eea9152f9b708638b8f4d3d5235
                                                                                        • Instruction ID: 68eeeb3cd71b79b2c7182fe8a81cf98a7ff6aabcf124b472550c7e027954fac8
                                                                                        • Opcode Fuzzy Hash: 27b033d3fe152e61246da60f82342c3aa8ef2eea9152f9b708638b8f4d3d5235
                                                                                        • Instruction Fuzzy Hash: AF21D1B26083045BD314DE08DC91A6BB3E5FBD8614F488A2DF995D7381E334EE488B96
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000FB,cvGraphRemoveVtxByPtr,The vertex does not belong to the graph,.\cxdatastructs.cpp,00000B94), ref: 016C9055
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvGraphRemoveEdgeByPtr.CXCORE099(?,?,?), ref: 016C9079
                                                                                        • cvError.CXCORE099(000000E5,cvGraphRemoveVtxByPtr,0174124F,.\cxdatastructs.cpp,00000B91), ref: 016C90C7
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$EdgeGraphRemoveStatus
                                                                                        • String ID: .\cxdatastructs.cpp$The vertex does not belong to the graph$cvGraphRemoveVtxByPtr
                                                                                        • API String ID: 4137948049-2879183826
                                                                                        • Opcode ID: c3b4b637949643e2b0b20a1149a3ba78e7986d3bf5d0ef0db5a6429ee21f9912
                                                                                        • Instruction ID: a60fc9afabe1d3d348822f9f7e0efe492eca6ca1de21673f4fc2174bbe127ce0
                                                                                        • Opcode Fuzzy Hash: c3b4b637949643e2b0b20a1149a3ba78e7986d3bf5d0ef0db5a6429ee21f9912
                                                                                        • Instruction Fuzzy Hash: B5118EB23017026FD310DA1EEC81E66B7A9FB80B34B14432DFA2597792C371E811CAA0
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvInitSparseMatIterator,NULL iterator pointer,.\cxarray.cpp,000002FE), ref: 0169D538
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(000000FB,cvInitSparseMatIterator,Invalid sparse matrix header,.\cxarray.cpp,000002FB), ref: 0169D59E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxarray.cpp$Invalid sparse matrix header$NULL iterator pointer$cvInitSparseMatIterator
                                                                                        • API String ID: 483703942-2632940346
                                                                                        • Opcode ID: ef04056669e99eb654f857beb39abd34cf3a2cb7f4faa052b2a46949a87778a0
                                                                                        • Instruction ID: 0228f7ba2354b4f7f4f868e4c66e59e0d52558f711980122ce2e72ee8d2a9c6d
                                                                                        • Opcode Fuzzy Hash: ef04056669e99eb654f857beb39abd34cf3a2cb7f4faa052b2a46949a87778a0
                                                                                        • Instruction Fuzzy Hash: 891102F3B443026BDF20AE9CECD1559F3D9ABA4628B64853EF156D3780E361E8908744
                                                                                        APIs
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvSetSeqBlockSize,0174124F,.\cxdatastructs.cpp,000001F4,0000BA50,016C76EE,00000000,00000400,?,?,?,?,00000000), ref: 016C4089
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(FFFFFF2D,cvSetSeqBlockSize,Storage block size is too small to fit the sequence elements,.\cxdatastructs.cpp,00000204,00000000,0000BA50,016C76EE,00000000,00000400,?,?,?,?,00000000), ref: 016C40E1
                                                                                        • cvError.CXCORE099(000000E5,cvSetSeqBlockSize,0174124F,.\cxdatastructs.cpp,000001F2,0000BA50,016C76EE,00000000,00000400,?,?,?,?,00000000), ref: 016C4108
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxdatastructs.cpp$Storage block size is too small to fit the sequence elements$cvSetSeqBlockSize
                                                                                        • API String ID: 483703942-3159673213
                                                                                        • Opcode ID: 308f6d2e29362a09b94c658e27bc48aabd2cf21dfa646d9d26402ee3aea7d2a1
                                                                                        • Instruction ID: dd71799962006a2177d7aac3f96b5d09c77646f71e79dd519d0a22a39be300a7
                                                                                        • Opcode Fuzzy Hash: 308f6d2e29362a09b94c658e27bc48aabd2cf21dfa646d9d26402ee3aea7d2a1
                                                                                        • Instruction Fuzzy Hash: 7C012BF378471227DB00E62EFC31D26A2959B90E24B18423CF511E77CADBA1E4918194
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F3D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004B5F51
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5F5F
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005337E9,000000FF,?,004B5503,004B1AE0), ref: 004B5F6E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: CKK$vector<T> too long
                                                                                        • API String ID: 3248949544-3216571628
                                                                                        • Opcode ID: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
                                                                                        • Instruction ID: c8d92b487c042dcc06c93ea087005db71d51a26c7136d47a4fad7ddcb25ee778
                                                                                        • Opcode Fuzzy Hash: 3718fa35949eba5a82b900746a9376809f8905b55e5b69c6eb2af84f65c3591d
                                                                                        • Instruction Fuzzy Hash: 47F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                                        APIs
                                                                                        • cvStartReadSeq.CXCORE099(00000000,?,00000000), ref: 016CE5D2
                                                                                        • cvClearSeq.CXCORE099(?), ref: 016CE63A
                                                                                        • cvStartAppendToSeq.CXCORE099(?,?,?), ref: 016CE649
                                                                                        • cvCreateSeqBlock.CXCORE099(?), ref: 016CE660
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001), ref: 016CE6B5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: BlockStart$AppendChangeClearCreateRead
                                                                                        • String ID:
                                                                                        • API String ID: 3520445126-0
                                                                                        • Opcode ID: c8cd0e39b036c6f29fef7679431e0da3bf92ebafb45238f69e1bb39bcea99f98
                                                                                        • Instruction ID: a9e966e0d0669f847a64caeaed625b552ba9fb0bd0d693956b9e5528d03b9453
                                                                                        • Opcode Fuzzy Hash: c8cd0e39b036c6f29fef7679431e0da3bf92ebafb45238f69e1bb39bcea99f98
                                                                                        • Instruction Fuzzy Hash: 5C5126B56193419FD714CF59C890B6ABBF9EF88A04F04881CF98587341E776E805CBA2
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000,00000000), ref: 004E22D4
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004E22E8
                                                                                        • _CxxThrowException.MSVCR80(004E1A94,0057CBF8), ref: 004E22F6
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004E1A94,0057CBF8,?,?,?,00000000,00536A39,000000FF,?,004E1A94,?,00000001,00000000,004E0575,00000001,00000000), ref: 004E2305
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: map/set<T> too long
                                                                                        • API String ID: 3248949544-1285458680
                                                                                        • Opcode ID: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
                                                                                        • Instruction ID: eb3dced5db3925a888724237d041c26940005993663a78e11fc02054abcc7e87
                                                                                        • Opcode Fuzzy Hash: 037b1c6f34042e82ce7b50c5ae10a42ae7eaf65c3770f3036ce6bbe0d0c371b4
                                                                                        • Instruction Fuzzy Hash: E7D10F70A002C99FCB04EFAAC991D6F777ABF89345B10455EF4119F366CA78AC01DBA4
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000,00000000), ref: 00411344
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 00411358
                                                                                        • _CxxThrowException.MSVCR80(004112C4,0057CBF8), ref: 00411366
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004112C4,0057CBF8,?,?,?,00000000,00528E39,000000FF,?,004112C4,?,00000001,00000000,0040F3C5,00000001,00000000), ref: 00411375
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: map/set<T> too long
                                                                                        • API String ID: 3248949544-1285458680
                                                                                        • Opcode ID: 42cbf8a29792d702c98aabde1d8b08b81332d8e2c8f3267b75d2f7efa1133912
                                                                                        • Instruction ID: fc6447a121a983bb72d300740fc035bcb7914751d3a952c33331dda71f3fca67
                                                                                        • Opcode Fuzzy Hash: 42cbf8a29792d702c98aabde1d8b08b81332d8e2c8f3267b75d2f7efa1133912
                                                                                        • Instruction Fuzzy Hash: 4DD12D70A002099FCB04EFE5C991EEFB775AF89304B10455EF512AB365CA7CAD51CBA8
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000,00000000), ref: 004C1524
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004C1538
                                                                                        • _CxxThrowException.MSVCR80(004C1384,0057CBF8), ref: 004C1546
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1384,0057CBF8,?,?,?,00000000,005340C9,000000FF,?,004C1384,?,00000001,00000000,004BAFA3,00000001,00000000), ref: 004C1555
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: map/set<T> too long
                                                                                        • API String ID: 3248949544-1285458680
                                                                                        • Opcode ID: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
                                                                                        • Instruction ID: 5f54f1dc26024d97c3e5589f28a2b26444c27508ce2d65950266073b7809569a
                                                                                        • Opcode Fuzzy Hash: 373c4984a0380365a134575c025ccd3d03ef30724ed9c15aa6ec8d22811ce55d
                                                                                        • Instruction Fuzzy Hash: D1D10F75E042459FCB04EFA5C891EAF7775AF8A304F1045AEF502AB355DA38AD01CBB8
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D814
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0048D828
                                                                                        • _CxxThrowException.MSVCR80(0048AEF4,0057CBF8), ref: 0048D836
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048AEF4,0057CBF8,?,?,?,00530F79,000000FF,?,0048AEF4,?,00000001,?,?,00000001,00000000,00000000), ref: 0048D845
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: map/set<T> too long
                                                                                        • API String ID: 3248949544-1285458680
                                                                                        • Opcode ID: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
                                                                                        • Instruction ID: f924f05d9c195ac9d2efefafaa7b998481315dfbc5b04f0f3db32ea2b030e7a3
                                                                                        • Opcode Fuzzy Hash: 30f3dba2d2509044dd435c0e4a58e2e90cb7d7e200ab4d5d41f53f078059e0ff
                                                                                        • Instruction Fuzzy Hash: 1ED1DB74E102459FCB04FFA5C891E6F7B75AF89304F10896EF4159B295CA38AD01CFA8
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C904
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0048C918
                                                                                        • _CxxThrowException.MSVCR80(0048A224,0057CBF8), ref: 0048C926
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A224,0057CBF8,?,?,?,00530F19,000000FF,?,0048A224,?,00000001,?,?,00000001,00000000,00000000), ref: 0048C935
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: map/set<T> too long
                                                                                        • API String ID: 3248949544-1285458680
                                                                                        • Opcode ID: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
                                                                                        • Instruction ID: 781e3e5cdacf5d297dd74e0af013611e08a9c6e7430d9740113c692fd0013158
                                                                                        • Opcode Fuzzy Hash: 5d9bd5cfefa7126eaa9cce7f59cf12a6ec2056fb24f196b19c599b19faf1435e
                                                                                        • Instruction Fuzzy Hash: B0D1ED70A002499FCB04FFA5C891D6F7775EF8A708F20496EF6159B255CB38AD05CBA8
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                          • Part of subcall function 00407140: RegOpenKeyExW.ADVAPI32(?,80000002,00000000,00000000,00000000,80000002,SOFTWARE\ManyCam), ref: 00407162
                                                                                        • memset.MSVCR80 ref: 004C7ABE
                                                                                          • Part of subcall function 00407190: RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeapclock$OpenQueryValuememset
                                                                                        • String ID: @$AppVersion$CManyCamModel::GetManyCamVersion$SOFTWARE\ManyCam$ob@
                                                                                        • API String ID: 1430646295-175800182
                                                                                        • Opcode ID: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
                                                                                        • Instruction ID: 07a999de59d8292b32f2331ae8109d5d18864066084ba78fe0f4ff90b5b286a5
                                                                                        • Opcode Fuzzy Hash: 99caf996730d2821cc7d9e1b6342d5801e04e7129e3737ca7ce9bef82be1f397
                                                                                        • Instruction Fuzzy Hash: 31315B70A04218DEDB10DB54D952BEEBBB4AB05304F0041AEE5457B2C1DBB86E48CBA6
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000,00000000), ref: 004C1D04
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004C1D18
                                                                                        • _CxxThrowException.MSVCR80(004C1B64,0057CBF8), ref: 004C1D26
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(004C1B64,0057CBF8,?,?,?,00000000,005340F9,000000FF,?,004C1B64,?,00000001,00000000,004BB8D3,00000001,00000000), ref: 004C1D35
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: map/set<T> too long
                                                                                        • API String ID: 3248949544-1285458680
                                                                                        • Opcode ID: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
                                                                                        • Instruction ID: 76fe67f2c80d83fee2b03a8fd12379f2c1e3e221b52a71524e2575de1d4bc0e2
                                                                                        • Opcode Fuzzy Hash: 244b48426afd2b3cb84e5586bde9a12e9605ad4a338fae707614c6ae995eb5f3
                                                                                        • Instruction Fuzzy Hash: 1DD1E974A00205AFCB14EFE6C891EEF7775AFC9308B104D5EF4129B256DA39A801CBB5
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000,00000000), ref: 00474CC4
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 00474CD8
                                                                                        • _CxxThrowException.MSVCR80(00474884,0057CBF8), ref: 00474CE6
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(00474884,0057CBF8,?,?,?,00000000,0052F989,000000FF,?,00474884,?,00000001,00000000,004A9763,00000001,00000000), ref: 00474CF5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: map/set<T> too long
                                                                                        • API String ID: 3248949544-1285458680
                                                                                        • Opcode ID: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
                                                                                        • Instruction ID: 902e9eb1271cb93d2a72db74486b01d1d5c84e1b516abcfe74867b495f5f0d12
                                                                                        • Opcode Fuzzy Hash: fb5a5b0bfe5d7466eb37912541b6a1e1978402ae83b6b00b3775f69bc8b7d628
                                                                                        • Instruction Fuzzy Hash: 1ED1FB70A002099FCB04EFA5D891EEF7776AF89318B20855EF4159F295CB38AC51CBA5
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(map/set<T> too long,D8A7CFFC,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF54
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0048CF68
                                                                                        • _CxxThrowException.MSVCR80(0048A514,0057CBF8), ref: 0048CF76
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(0048A514,0057CBF8,?,?,?,00530F49,000000FF,?,0048A514,?,00000001,?,?,00000001,00000000,00000000), ref: 0048CF85
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: map/set<T> too long
                                                                                        • API String ID: 3248949544-1285458680
                                                                                        • Opcode ID: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
                                                                                        • Instruction ID: 50f8718e498666fa4da98437a76d4638b1e2a723603710fac9882f3192207998
                                                                                        • Opcode Fuzzy Hash: 6ffb65bce278b8fe47ce7c833305a1f3afc7f0cb37ed8eddf46bce9baa873d41
                                                                                        • Instruction Fuzzy Hash: 1BD1AA70A002459FCB04FFA5D8D1EAF77B6BF89304B10495EF511AB396CA39A901CBE5
                                                                                        APIs
                                                                                        • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,004015E6,?), ref: 004059C9
                                                                                        • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,004015E6,?), ref: 00405A0C
                                                                                        • cvCreateMat.CXCORE099(00000004,00000001,00000005,?,?,?,?,?,?,?,?,004015E6,?), ref: 00405A4F
                                                                                          • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,00000000), ref: 004057DA
                                                                                          • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,00000000), ref: 004057EC
                                                                                          • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,00000000), ref: 004057FE
                                                                                          • Part of subcall function 004057D0: cvCreateMat.CXCORE099(00000004,00000004,00000005,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00405810
                                                                                          • Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 0040586A
                                                                                          • Part of subcall function 004057D0: cvGEMM.CXCORE099(?,?), ref: 00405895
                                                                                          • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058A2
                                                                                          • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058AF
                                                                                          • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058BC
                                                                                          • Part of subcall function 004057D0: cvReleaseMat.CXCORE099(?), ref: 004058C9
                                                                                        • cvReleaseMat.CXCORE099(?,?,?,?,00000000), ref: 00405A9A
                                                                                        • cvReleaseMat.CXCORE099(?), ref: 00405AA7
                                                                                        • cvReleaseMat.CXCORE099(?), ref: 00405AB4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateRelease
                                                                                        • String ID:
                                                                                        • API String ID: 557197377-0
                                                                                        • Opcode ID: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
                                                                                        • Instruction ID: 043076e51676209564484e982c9936a884ec24064fff71ead1165430e30ebd4e
                                                                                        • Opcode Fuzzy Hash: ba2c734ec160b10dc2be184458e091322f75ff8d3104fcbc22788eb87a98d7e3
                                                                                        • Instruction Fuzzy Hash: C6311574605201DFD304DF10D499E26BBA1BFC8704F5289CCE2941B2E6DB71D936CB82
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: sprintf
                                                                                        • String ID: %d.$-.Inf$.Inf$.Nan
                                                                                        • API String ID: 590974362-1425397501
                                                                                        • Opcode ID: 653df6338c7f906a5517dd3d04a9b0f87357df1f08473131bfd5d8d48ff326e0
                                                                                        • Instruction ID: 5bf67c35b301375c75264fbd6fdfed08fa674f60b2dc345b1373a7195d835b0e
                                                                                        • Opcode Fuzzy Hash: 653df6338c7f906a5517dd3d04a9b0f87357df1f08473131bfd5d8d48ff326e0
                                                                                        • Instruction Fuzzy Hash: BA21077460C210CBCB256A68FD5536ABBE0BF85751F64C59CE8D5C2388E632886A8787
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: sprintf
                                                                                        • String ID: %d.$-.Inf$.Inf$.Nan
                                                                                        • API String ID: 590974362-1425397501
                                                                                        • Opcode ID: 5ba6cff2081840734c3f0da685dd59b61245ee4a51209ca0bb554c4e3b0143e9
                                                                                        • Instruction ID: 2c90086ce2fa6f4a470aa6c654cfdf24a3a673159c65e82b15864cf348a9b526
                                                                                        • Opcode Fuzzy Hash: 5ba6cff2081840734c3f0da685dd59b61245ee4a51209ca0bb554c4e3b0143e9
                                                                                        • Instruction Fuzzy Hash: E221317060C7008BCB25AB5CED55365BFE0FF82750F64859CE9D582398E732846ACB87
                                                                                        APIs
                                                                                        • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,?,00403181,?,?), ref: 00402BC0
                                                                                        • cvCreateImage.CXCORE099(?,?,00000008,00000001,?,00000000,?,00000000,?,0040120F), ref: 00402BD4
                                                                                        • cvCreateImage.CXCORE099(?,?,00000020,00000003,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BE9
                                                                                        • cvReleaseImage.CXCORE099(?,?,?,?,?,?,00000000,?,00000000,?,0040120F), ref: 00402BFE
                                                                                        • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C10
                                                                                        • cvReleaseImage.CXCORE099(?,?,00000000,?,00000000,?,0040120F), ref: 00402C22
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Image$CreateRelease
                                                                                        • String ID:
                                                                                        • API String ID: 3874174198-0
                                                                                        • Opcode ID: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                                        • Instruction ID: 6a9ac0958563a1589a8d938dd82cbe29a94ad790e47f913414e9d99cb75ce162
                                                                                        • Opcode Fuzzy Hash: 90bf2cca833fb2c28ec0a48af1516d2f96f179e9554cc466a05b48644bb4997a
                                                                                        • Instruction Fuzzy Hash: F901F9F590130176F630AB259D4EF4B76DCFF91701F04483AF55AA12C1F6B4E184C221
                                                                                        APIs
                                                                                        • cvReleaseImage.CXCORE099(004012A4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032CA
                                                                                        • cvReleaseImage.CXCORE099(004012A8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032DC
                                                                                        • cvReleaseImage.CXCORE099(004012AC,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 004032EA
                                                                                        • cvReleaseImage.CXCORE099(004012C0,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403302
                                                                                        • cvReleaseImage.CXCORE099(004012C4,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403314
                                                                                        • cvReleaseImage.CXCORE099(004012C8,00000100,004012A0,00000000,00402ECD,00000000,?,00401305,?,?,004012A0,?), ref: 00403326
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ImageRelease
                                                                                        • String ID:
                                                                                        • API String ID: 535124018-0
                                                                                        • Opcode ID: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
                                                                                        • Instruction ID: f6f80441a689a6daaa6ac2ab205e4bd6027bf7437223482053866a57996ed6f5
                                                                                        • Opcode Fuzzy Hash: d5d590391344c0c731e22e2c0c0412fa703b525e44fcf2c6df5cf6810ee77da8
                                                                                        • Instruction Fuzzy Hash: A91198F6801201E7EB309E11D889B4BBBACBF50302F44443AD84552285E778B78DCAAB
                                                                                        APIs
                                                                                          • Part of subcall function 00447FF0: SendMessageW.USER32(?,0000110A,00000000,00000000), ref: 00448006
                                                                                        • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00434C17
                                                                                          • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                                        • memset.MSVCR80 ref: 00434C2B
                                                                                          • Part of subcall function 00447E60: SendMessageW.USER32(?,00001132,00000000,yLC), ref: 00447E78
                                                                                        • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00434CEC
                                                                                          • Part of subcall function 004DAF40: _DebugHeapAllocator.LIBCPMTD ref: 004DAF57
                                                                                        • memset.MSVCR80 ref: 00434D1D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeapMessageSendmemset$Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler
                                                                                        • String ID: pzC
                                                                                        • API String ID: 1527497025-2444570644
                                                                                        • Opcode ID: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                                        • Instruction ID: ed1ee3073941a6660e753338659c4a22794240fa1e9d27d03445b3c6d8f704d4
                                                                                        • Opcode Fuzzy Hash: e3d9d7585f77d899c6d2de3521e35a6c3d02375cb3cf3d8ffcf042e74bc981e3
                                                                                        • Instruction Fuzzy Hash: 9C610CB1D01118DBDB14DFA5D891BEEBBB5FF48304F2041AEE10A67281DB386A45CF99
                                                                                        APIs
                                                                                        • lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                                        • CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                                        • CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: CompareString$lstrlen
                                                                                        • String ID: </A>$<A>
                                                                                        • API String ID: 1657112622-2122467442
                                                                                        • Opcode ID: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                                        • Instruction ID: 8d4014fe370238e856f28d0c67f96b0aed6e5c53389ece421d0f182d8b12796b
                                                                                        • Opcode Fuzzy Hash: 71153d6a453ea1603edaace69c389d9b4173073ffd4576bfc9ed4d047b5a66fa
                                                                                        • Instruction Fuzzy Hash: CB5121B4A0421ADFDB04CF88C990BAEB7B2FF84304F108159E915AB3D0DB75A946CF95
                                                                                        APIs
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00409943
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00409981
                                                                                        • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,0053CC2C,data\images\addEffectDlg\,?,?,?,D8A7CFFC), ref: 004099A1
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                        • String ID: .png$data\images\addEffectDlg\
                                                                                        • API String ID: 1315443971-2820274302
                                                                                        • Opcode ID: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
                                                                                        • Instruction ID: 99387fa8a9a4026cbf0ab0abdc8698a1dc38235ed2b893dafecf0ce6710d2d8a
                                                                                        • Opcode Fuzzy Hash: b1f5f912a3a6442a3cc382653bc540b1293c177797d8700b4929a6cfcbca8e46
                                                                                        • Instruction Fuzzy Hash: 363117B1D1520CABCB04EFA9D945BDDBFB4FB08304F10852EE42577281D7745909CB98
                                                                                        APIs
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0041C8AC
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0041C8EA
                                                                                        • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,0041C80E,00000049,0053F620,data\images\maindlg\,00000049,?,00000000,D8A7CFFC,?,0041C80E,0000000C,00000049), ref: 0041C90D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                        • String ID: .png$data\images\maindlg\
                                                                                        • API String ID: 1315443971-2402009575
                                                                                        • Opcode ID: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                                        • Instruction ID: 95f2c906bb04f7db6848c29b7cfe536fa7cadaced1f5336b0e2a281727f52370
                                                                                        • Opcode Fuzzy Hash: 1ae46db1c05b4e9d5e20b3199a0bbc276ac8498851860a350528a00f3f14c102
                                                                                        • Instruction Fuzzy Hash: AD312DB1D05248EBCB04EFA5D986BDDBBB4FF18714F10452EE01577291D7746A08CBA8
                                                                                        APIs
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                          • Part of subcall function 004CB670: _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0041DB9C
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EE68
                                                                                          • Part of subcall function 0040EE30: _DebugHeapAllocator.LIBCPMTD ref: 0040EEAA
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0041DBDA
                                                                                        • ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,.png,?,?,005405C4,data\images\maindlg\,?,?,?,D8A7CFFC,Zoom in,CameraDlg\btn_zoomIn,00000000,?), ref: 0041DBFD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$Image@@Load@
                                                                                        • String ID: .png$data\images\maindlg\
                                                                                        • API String ID: 1315443971-2402009575
                                                                                        • Opcode ID: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
                                                                                        • Instruction ID: d4b00160755fc9498c9e644aa4a373da1a989c0672b95b20752ea7274bdd65c2
                                                                                        • Opcode Fuzzy Hash: 339cf44c9e6672a47bb4ab3fad3452b9ff9abffd4164bb4841253d5f49bda66a
                                                                                        • Instruction Fuzzy Hash: 03313AB1D052089BCB04EF94D945BDEBBB4FB48318F20852EE516772C1D7746A48CBA8
                                                                                        APIs
                                                                                        • cvPtr3D.CXCORE099(?,?,?,?,00000000), ref: 016A1597
                                                                                        • cvError.CXCORE099(000000F1,cvSetReal3D,cvSetReal* support only single-channel arrays,.\cxarray.cpp,00000A8F), ref: 016A15CC
                                                                                          • Part of subcall function 0169F8A0: cvAlloc.CXCORE099(?), ref: 0169F9C2
                                                                                          • Part of subcall function 0169F8A0: cvGetErrStatus.CXCORE099(?,?,?,00000001), ref: 0169F9D0
                                                                                          • Part of subcall function 0169F8A0: cvError.CXCORE099(000000FF,icvGetNodePtr,Inner function failed.,.\cxarray.cpp,00000351,?,?,?,00000001), ref: 0169F9EF
                                                                                        Strings
                                                                                        • cvSetReal* support only single-channel arrays, xrefs: 016A15C0
                                                                                        • cvSetReal3D, xrefs: 016A15C5
                                                                                        • .\cxarray.cpp, xrefs: 016A15BB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$AllocPtr3Status
                                                                                        • String ID: .\cxarray.cpp$cvSetReal* support only single-channel arrays$cvSetReal3D
                                                                                        • API String ID: 802726420-1394378547
                                                                                        • Opcode ID: b019054e37cad25ca1bb330bc2b069d7a45453141bcbf0718365b98018fa68c5
                                                                                        • Instruction ID: 0b0aceb71fae6dc7601284feb7df25054445ae37adc9907c9150089570e6b1cd
                                                                                        • Opcode Fuzzy Hash: b019054e37cad25ca1bb330bc2b069d7a45453141bcbf0718365b98018fa68c5
                                                                                        • Instruction Fuzzy Hash: 9711B1F5A043019BD704EA18CC5192BB7E5FB99604F848E1DF8D697381E730EE448B96
                                                                                        APIs
                                                                                        • cvPtr3D.CXCORE099(?,?,?,?,00000000), ref: 016A10CD
                                                                                        • cvError.CXCORE099(000000F1,cvGetReal3D,cvGetReal* support only single-channel arrays,.\cxarray.cpp,0000098D), ref: 016A1103
                                                                                          • Part of subcall function 0169F8A0: cvAlloc.CXCORE099(?), ref: 0169F9C2
                                                                                          • Part of subcall function 0169F8A0: cvGetErrStatus.CXCORE099(?,?,?,00000001), ref: 0169F9D0
                                                                                          • Part of subcall function 0169F8A0: cvError.CXCORE099(000000FF,icvGetNodePtr,Inner function failed.,.\cxarray.cpp,00000351,?,?,?,00000001), ref: 0169F9EF
                                                                                        Strings
                                                                                        • cvGetReal* support only single-channel arrays, xrefs: 016A10F7
                                                                                        • cvGetReal3D, xrefs: 016A10FC
                                                                                        • .\cxarray.cpp, xrefs: 016A10F2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$AllocPtr3Status
                                                                                        • String ID: .\cxarray.cpp$cvGetReal* support only single-channel arrays$cvGetReal3D
                                                                                        • API String ID: 802726420-1737909197
                                                                                        • Opcode ID: 1ae51bf7a71cb20cbaacb52984f11b8eff0b1dfbf97dacde404c8ff66dc32cad
                                                                                        • Instruction ID: 98e1fb326caebb9a08e968cc0cb88a1f06295cf2d777d96acc2eaedd13f469c9
                                                                                        • Opcode Fuzzy Hash: 1ae51bf7a71cb20cbaacb52984f11b8eff0b1dfbf97dacde404c8ff66dc32cad
                                                                                        • Instruction Fuzzy Hash: B311B2B5A083019BD700DF18CC41A6BB7E5EBD9614F848A0DF88997355E770EE548B93
                                                                                        APIs
                                                                                        • cvPtrND.CXCORE099(?,?,00000001,00000001,00000000), ref: 016A116F
                                                                                        • cvError.CXCORE099(000000F1,cvGetRealND,cvGetReal* support only single-channel arrays,.\cxarray.cpp,000009AD), ref: 016A11A5
                                                                                          • Part of subcall function 0169F8A0: cvAlloc.CXCORE099(?), ref: 0169F9C2
                                                                                          • Part of subcall function 0169F8A0: cvGetErrStatus.CXCORE099(?,?,?,00000001), ref: 0169F9D0
                                                                                          • Part of subcall function 0169F8A0: cvError.CXCORE099(000000FF,icvGetNodePtr,Inner function failed.,.\cxarray.cpp,00000351,?,?,?,00000001), ref: 0169F9EF
                                                                                        Strings
                                                                                        • cvGetReal* support only single-channel arrays, xrefs: 016A1199
                                                                                        • cvGetRealND, xrefs: 016A119E
                                                                                        • .\cxarray.cpp, xrefs: 016A1194
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$AllocStatus
                                                                                        • String ID: .\cxarray.cpp$cvGetReal* support only single-channel arrays$cvGetRealND
                                                                                        • API String ID: 2507989650-4245120118
                                                                                        • Opcode ID: a0f4cc474bdb09eb234be1f72c53e8d8ef4db9e6a0b85d3b7a08ce8ec05424df
                                                                                        • Instruction ID: 62a36fa7a1b3de45f08653383d0c688071d24f4f8e1a7607057f780c978c01ed
                                                                                        • Opcode Fuzzy Hash: a0f4cc474bdb09eb234be1f72c53e8d8ef4db9e6a0b85d3b7a08ce8ec05424df
                                                                                        • Instruction Fuzzy Hash: E8019C72E0420167D700DA18EC42FAB77A5DB91A04F84890CF8808B381E371FD588BC7
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvRemoveNodeFromTree,0174124F,.\cxdatastructs.cpp,00000F08), ref: 016C701E
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(000000FB,cvRemoveNodeFromTree,frame node could not be deleted,.\cxdatastructs.cpp,00000F0B), ref: 016C7045
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxdatastructs.cpp$cvRemoveNodeFromTree$frame node could not be deleted
                                                                                        • API String ID: 483703942-980540551
                                                                                        • Opcode ID: e38171a3aeadf2985137b93bbac230a31e3b00298494f74b9b0d22c7d21e7fc9
                                                                                        • Instruction ID: c59cbba0f054ee9e2599d45c3d6c70b57b1fe7b3d9811cd2f0e30d09aa4f9819
                                                                                        • Opcode Fuzzy Hash: e38171a3aeadf2985137b93bbac230a31e3b00298494f74b9b0d22c7d21e7fc9
                                                                                        • Instruction Fuzzy Hash: 0901F2F87402025BDE18DB1ADC61D36B7A2EF80D21B69C0ACF809973A3D760E841DB44
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F03D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0048F051
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F05F
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531089,000000FF,?,0048BDE3,?), ref: 0048F06E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 71dadd736df40f3aec662dc85990cd5a9acc2abe6039822e8930e788f3d2d61d
                                                                                        • Instruction ID: 682a0ac2237076830f2f8a4780188971040c04754dbc9da0d02d05fab003b1b6
                                                                                        • Opcode Fuzzy Hash: 71dadd736df40f3aec662dc85990cd5a9acc2abe6039822e8930e788f3d2d61d
                                                                                        • Instruction Fuzzy Hash: EAF04FB1944648EBCB14DFA4ED45FDDBB78FB14720F50426AF812A32D0DB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154CD
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 005154E1
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 005154EF
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FA9,000000FF,?,00514D33,00000000), ref: 005154FE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 21906fa773c1a88a46cbeca3caa33a554fe8bf6e2e2ae55b577b5ad68c6107b2
                                                                                        • Instruction ID: 3b973596a2f941747c7d90d8fc74631754525317a6dec37d5ee4e5a0a6c799d4
                                                                                        • Opcode Fuzzy Hash: 21906fa773c1a88a46cbeca3caa33a554fe8bf6e2e2ae55b577b5ad68c6107b2
                                                                                        • Instruction Fuzzy Hash: 5EF0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5CD
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0048F5E1
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048F5EF
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005310F9,000000FF,?,0048C0E3,?), ref: 0048F5FE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 2e5544c3049f0ddd4019a116dffb44736a158589b34b35f21578acc8ae9f3b44
                                                                                        • Instruction ID: 08e9fbeb3975674469a3edd29ebdb77383574d31636ade62e638ab3924d92cf8
                                                                                        • Opcode Fuzzy Hash: 2e5544c3049f0ddd4019a116dffb44736a158589b34b35f21578acc8ae9f3b44
                                                                                        • Instruction Fuzzy Hash: 3DF0AFB1944648EBCB14DFA4ED45FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?,D8A7CFFC), ref: 0043080D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 00430821
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0043082F
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A649,000000FF,?,004304C6,?), ref: 0043083E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                                        • Instruction ID: 84ce0209dc11d6b23fc1989ca18a4f5fc0ac43ec5a2d3810fda43137453e27bd
                                                                                        • Opcode Fuzzy Hash: e084c971732a66b90e1072e7244ee56ba224c388b66ba4f93c615bfa38d58c9c
                                                                                        • Instruction Fuzzy Hash: FCF0A9B1944248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B,D8A7CFFC), ref: 004E281D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004E2831
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004E283F
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00536A69,000000FF,?,004E144B), ref: 004E284E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                                        • Instruction ID: 0a4d440cb5536f40db0fd076e9c7fc5d2a12fc606929b1cb6c9b0b09eff913f8
                                                                                        • Opcode Fuzzy Hash: dc35638380dab2938959a34dbcce56baedfc7c7e4cd6927fef2e7d6d97a3b54c
                                                                                        • Instruction Fuzzy Hash: B4F03CB1944648EBCB14DF94ED45B9DBB78FB14720F50426AA812A32D0DB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051591D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 00515931
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0051593F
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00539FF9,000000FF,?,00515013,00000000), ref: 0051594E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: c03e804887ee8c35b5c9129f015bd810eaabdc85a554e80187cf2ad872c0fd71
                                                                                        • Instruction ID: 51a0fa11ac444c003223335a96b02d8df365eee37e9292b937eae9cfb1e93a6e
                                                                                        • Opcode Fuzzy Hash: c03e804887ee8c35b5c9129f015bd810eaabdc85a554e80187cf2ad872c0fd71
                                                                                        • Instruction Fuzzy Hash: ABF0A9B1944248EBCB14DFA4ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?,D8A7CFFC), ref: 004128BD
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004128D1
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004128DF
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528FB9,000000FF,?,00411C76,?), ref: 004128EE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                                        • Instruction ID: 4f722f1132bf029aa43680a0f31b4d6b59234f2f3b0eea29470ee80f38ab1d71
                                                                                        • Opcode Fuzzy Hash: c780cc5cd66b70a61fb923b6734da329fed68386e0d1462283d30a24de8a1d3f
                                                                                        • Instruction Fuzzy Hash: B3F08CB1904248EBCB14DF90ED41B9DBB78FB04720F40022AB812A32C0EB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000,D8A7CFFC), ref: 004D496D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004D4981
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004D498F
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00535729,000000FF,?,004D3CB6,00000000), ref: 004D499E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                                        • Instruction ID: 2198fcef12488e2d17d3691da39b82749544227340ee56d3737a145847e009f6
                                                                                        • Opcode Fuzzy Hash: f5e9ddf57e258ff8f81d687b94cbb6babb7938dca145e5172867018050d52fb0
                                                                                        • Instruction Fuzzy Hash: 21F0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5A9D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 004B5AB1
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 004B5ABF
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00533789,000000FF,?,004B5203,?), ref: 004B5ACE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 7d4be2965033fb03e547b7350437180e22248366361f058fced24ed85baafd60
                                                                                        • Instruction ID: fc41df5464ddba924a0dc626ab5e99040adcc0584381bc92148727cb0a18adb2
                                                                                        • Opcode Fuzzy Hash: 7d4be2965033fb03e547b7350437180e22248366361f058fced24ed85baafd60
                                                                                        • Instruction Fuzzy Hash: C9F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0DB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA4D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0048FA61
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FA6F
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531159,000000FF,?,0048C3E3,?), ref: 0048FA7E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: e43f4da5e34bbdf5da09b38449cb6b4d10e80e7ee71886185af6db6e9ad99d86
                                                                                        • Instruction ID: c8a4cafde9e9d18d89a6ec27ab975a93f5cc337054f01616f8720c420af3b1d3
                                                                                        • Opcode Fuzzy Hash: e43f4da5e34bbdf5da09b38449cb6b4d10e80e7ee71886185af6db6e9ad99d86
                                                                                        • Instruction Fuzzy Hash: 9BF087B1904648EBCB14DFA0ED41BDDBB78FB04720F40022AE822A32C0EB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BAD
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 00411BC1
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00411BCF
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00528E99,000000FF,?,00410AF3,00000000), ref: 00411BDE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 91c4acec3fcf390d7650ee22321e3af3fea277019d6c7fd99ac7c15ae0389148
                                                                                        • Instruction ID: ab577654a64f9acfc70fc64036853a5e06cda14a9969e1db11fea8e1d234e52f
                                                                                        • Opcode Fuzzy Hash: 91c4acec3fcf390d7650ee22321e3af3fea277019d6c7fd99ac7c15ae0389148
                                                                                        • Instruction Fuzzy Hash: 4EF08CB1904248EBCB14DF90ED41B9DBB78FB14720F40022AA822A32C0DB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBCD
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0048EBE1
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048EBEF
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531039,000000FF,?,0048BAC3,?), ref: 0048EBFE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                                        • Instruction ID: 92daabea73afc4e90302cbcf7baf13e44f6b9f868eface51cfc7e975ed78bb7a
                                                                                        • Opcode Fuzzy Hash: 1ea01a54b671203e94099090e90c6f810493855dc45a6ce695e3d5e9399e45a7
                                                                                        • Instruction Fuzzy Hash: 95F03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AE812A32D0DB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044ED7D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0044ED91
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0044ED9F
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052CF99,000000FF,?,0044CB83,00000000), ref: 0044EDAE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                                        • Instruction ID: f5a7866f547bb55f07dc25e2db114e65ea79899798aec203e725cd6f1ff4eb0e
                                                                                        • Opcode Fuzzy Hash: 5b8e1bbaaa4858481c8b052d95aae316f4802631e30b8cefb630b981b18aab31
                                                                                        • Instruction Fuzzy Hash: E2F0AFB1904248EBCB14DF90ED41FDDBB78FB04720F40022AF812A32C0EB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B,D8A7CFFC), ref: 00413D8D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 00413DA1
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00413DAF
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,?,00000000,00529039,000000FF,?,0041396B), ref: 00413DBE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 448ea5f94cb60192865ba4fbef2add8389144e365060ecc549b7188aeb5b01d7
                                                                                        • Instruction ID: 9c1b3f4287bc4e1579ca5606d1e83d7bd75289f32f9710707e675685a1b0ed81
                                                                                        • Opcode Fuzzy Hash: 448ea5f94cb60192865ba4fbef2add8389144e365060ecc549b7188aeb5b01d7
                                                                                        • Instruction Fuzzy Hash: 35F08CB1904248EBCB14DF90ED45B9DBB78FB04720F40022AA822A32C0DB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D3D
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 00430D51
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 00430D5F
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,0052A699,000000FF,?,004301A3,00000000), ref: 00430D6E
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
                                                                                        • Instruction ID: 2c432eddfbe67746ec497c333af96acf5ab7e20aac0011f52034aeffc7690669
                                                                                        • Opcode Fuzzy Hash: 4e7c7e61b8e4b61418f89952c155b68a96c666f8f64ae422fdef5ea6b294711e
                                                                                        • Instruction Fuzzy Hash: 43F0A9B1904248EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32D0EB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEAD
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0048FEC1
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0048FECF
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,005311A9,000000FF,?,0048C6C3,?), ref: 0048FEDE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 27461d1cee31f37f4b12f43d61b2addfb9a3f208f85983c24dba573d14a14082
                                                                                        • Instruction ID: 5f6de052f28c2a1b459ecf3d81b30dea1840ef8b00bbd3f5c657bc7d8005cdfb
                                                                                        • Opcode Fuzzy Hash: 27461d1cee31f37f4b12f43d61b2addfb9a3f208f85983c24dba573d14a14082
                                                                                        • Instruction Fuzzy Hash: 0AF0A9B1904648EBCB14DFA0ED41FDDBB78FB04720F40022AF822A32C0EB756A08CB54
                                                                                        APIs
                                                                                        • ??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z.MSVCP80(vector<T> too long,D8A7CFFC,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EECD
                                                                                        • std::bad_exception::bad_exception.LIBCMTD ref: 0049EEE1
                                                                                        • _CxxThrowException.MSVCR80(?,0057CBF8), ref: 0049EEEF
                                                                                        • ??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ.MSVCP80(?,0057CBF8,?,?,?,?,?,?,?,?,00000000,00531FD9,000000FF,?,0049E8F3,?), ref: 0049EEFE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: D@2@@std@@D@std@@U?$char_traits@V?$allocator@$??0?$basic_string@??1?$basic_string@ExceptionThrowstd::bad_exception::bad_exception
                                                                                        • String ID: vector<T> too long
                                                                                        • API String ID: 3248949544-3788999226
                                                                                        • Opcode ID: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
                                                                                        • Instruction ID: 9df2125c4ef5457798524062e3a11b60d2f3a7f222f2b8b9a439bf1f8e3d57c1
                                                                                        • Opcode Fuzzy Hash: 164d6ffe732d9fa8baa0de175643794e8cd3c3d995353351aea268910f753e13
                                                                                        • Instruction Fuzzy Hash: 0DF03CB1944648EBCB14DFA4ED45B9DBB78FB14720F50426AB812A32D0DB756A08CB54
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 0169107A
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus
                                                                                        • String ID: .\cxalloc.cpp$Negative or too large argument of cvAlloc function$Out of memory$cvAlloc
                                                                                        • API String ID: 1596131371-4268399676
                                                                                        • Opcode ID: ebe39c5d11c13ad6ea97e6ec9f51528ae2dd757db65bc770e84809466c6749cd
                                                                                        • Instruction ID: af4e70f74d20f0631b7a9c24d049a98c2f828ad730cae4492a2805d6c4d29a7b
                                                                                        • Opcode Fuzzy Hash: ebe39c5d11c13ad6ea97e6ec9f51528ae2dd757db65bc770e84809466c6749cd
                                                                                        • Instruction Fuzzy Hash: 3AF0A0A2F8437123CA2076997C26F4AA1041702D61F110268F911F7285D29168C08291
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Isqrt
                                                                                        • String ID:
                                                                                        • API String ID: 4112084577-0
                                                                                        • Opcode ID: 26d331d7746f3b5878dd5f1e8cff2ece1376ba5af8b045364a94b3eab1bd86ef
                                                                                        • Instruction ID: 934c44d085a442ed307d99b5f2824b317b8760a43384ce37b952e9e0811cde35
                                                                                        • Opcode Fuzzy Hash: 26d331d7746f3b5878dd5f1e8cff2ece1376ba5af8b045364a94b3eab1bd86ef
                                                                                        • Instruction Fuzzy Hash: 7BD125B1D083459FC3A5DF29C58028BFBF1FBC8350F618D2EE99892265E73589458F82
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Isqrt
                                                                                        • String ID:
                                                                                        • API String ID: 4112084577-0
                                                                                        • Opcode ID: 9dd018a3a529b6480944a33d0eae2b2020ea5a907d5b839e366b9cd5be5f2512
                                                                                        • Instruction ID: e80f1015d1990d2290e6f1bb82d3f50529a8c47a8788b483958490f9657f9b26
                                                                                        • Opcode Fuzzy Hash: 9dd018a3a529b6480944a33d0eae2b2020ea5a907d5b839e366b9cd5be5f2512
                                                                                        • Instruction Fuzzy Hash: 1BB155B2D087119BC352DF1AC14015AFBF0FFC87A4F218D5EE6D9A2266E73589548F82
                                                                                        APIs
                                                                                        • cvStartReadSeq.CXCORE099(?,?,00000000,00000000,?), ref: 016CC578
                                                                                        • cvStartAppendToSeq.CXCORE099(?,?,?,?,00000000,00000000,?), ref: 016CC583
                                                                                        • cvChangeSeqBlock.CXCORE099(?,00000001,?,?,?,?,?,00000000,?), ref: 016CC5D3
                                                                                          • Part of subcall function 016CADD0: cvClipLine.CXCORE099(?,?,?,?,?,?), ref: 016CAE5F
                                                                                        • cvCreateSeqBlock.CXCORE099(?,?,?,?,?,?,?,?,00000000,?), ref: 016CC791
                                                                                        • cvEndWriteSeq.CXCORE099(?,?,?,?,00000000,?), ref: 016CC7EE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: BlockStart$AppendChangeClipCreateLineReadWrite
                                                                                        • String ID:
                                                                                        • API String ID: 1921861369-0
                                                                                        • Opcode ID: adfcb1c45cfeb054a1ffb62e44140832a9780ad38c48c9378fa0aa11e4030f7e
                                                                                        • Instruction ID: bdae4ec181ab814e72c546872c69e16ac8a576738f7a5702f5d33114c0afe88d
                                                                                        • Opcode Fuzzy Hash: adfcb1c45cfeb054a1ffb62e44140832a9780ad38c48c9378fa0aa11e4030f7e
                                                                                        • Instruction Fuzzy Hash: 6A9122756087418FD324CF09D980A6ABBF5FFC9B10F44892DE9DA83345D771A825CB52
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Isqrt
                                                                                        • String ID:
                                                                                        • API String ID: 4112084577-0
                                                                                        • Opcode ID: 45ee7e9b16f632c08893cdc5f4380c2465d8d0f87cda2f9277db21a2236bd331
                                                                                        • Instruction ID: 45cbcbe09873dfd65eb76fbe7131e515a0c79c238ab9a05e5f08809842043a0f
                                                                                        • Opcode Fuzzy Hash: 45ee7e9b16f632c08893cdc5f4380c2465d8d0f87cda2f9277db21a2236bd331
                                                                                        • Instruction Fuzzy Hash: 5D61D1B3F04602A287477EA4C5512D9BBB4EA507E0BB54D48E5C6B11BEFB2389708EC1
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: wcscatwcscpy
                                                                                        • String ID:
                                                                                        • API String ID: 1670345547-0
                                                                                        • Opcode ID: e2b6f5d47b797e7b3fc719e1e1982e1acc003f1d96efd1ad022790a38e43f0aa
                                                                                        • Instruction ID: 3389ee2cf22810ea72753d2d0cc2d0bc4eb9618de903a8545642f9e6fbc98239
                                                                                        • Opcode Fuzzy Hash: e2b6f5d47b797e7b3fc719e1e1982e1acc003f1d96efd1ad022790a38e43f0aa
                                                                                        • Instruction Fuzzy Hash: BF714EB5A0010ADFCB14CF54D984AAEBBB5FF85310F148998E90AAB381D770EE44CF65
                                                                                        APIs
                                                                                        • ?good@ios_base@std@@QBE_NXZ.MSVCP80(D8A7CFFC,?,?,?,D8A7CFFC,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,D8A7CFFC), ref: 00503E2C
                                                                                        • ?flags@ios_base@std@@QBEHXZ.MSVCP80(?,?,?,D8A7CFFC,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,D8A7CFFC), ref: 00503E81
                                                                                        • ?getloc@ios_base@std@@QBE?AVlocale@2@XZ.MSVCP80(0050260E,?,?,?,D8A7CFFC,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,D8A7CFFC), ref: 00503E9F
                                                                                        • ??1locale@std@@QAE@XZ.MSVCP80(?,D8A7CFFC,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,D8A7CFFC), ref: 00503ECE
                                                                                        • ?good@ios_base@std@@QBE_NXZ.MSVCP80(?,?,?,D8A7CFFC,000000FF,?,00538C88,000000FF,?,0050260E,?,00000001,D8A7CFFC), ref: 00503FD0
                                                                                          • Part of subcall function 00503AA0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80 ref: 00503ABD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ?good@ios_base@std@@$??1locale@std@@?fail@ios_base@std@@?flags@ios_base@std@@?getloc@ios_base@std@@Vlocale@2@
                                                                                        • String ID:
                                                                                        • API String ID: 1501252752-0
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00506F28
                                                                                          • Part of subcall function 0040EA00: _DebugHeapAllocator.LIBCPMTD ref: 0040EA0E
                                                                                        • ??2@YAPAXI@Z.MSVCR80(00000004,00565168,D8A7CFFC,?,?,?,?,?,?,?,?,?,?,00539108,000000FF), ref: 00506F2F
                                                                                        • codecvt.LIBCPMTD ref: 00506F9F
                                                                                        • wcstol.MSVCR80 ref: 00506FEE
                                                                                        • codecvt.LIBCPMTD ref: 00507011
                                                                                          • Part of subcall function 00415BF0: ??3@YAXPAX@Z.MSVCR80(?,?,?,00415B3D,00000000,?,00415660,?,00000000,?,00415162,?,?,004141EC,00000000,?), ref: 00415C0B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeapcodecvt$??2@??3@wcstol
                                                                                        • String ID:
                                                                                        • API String ID: 74129304-0
                                                                                        APIs
                                                                                        • lstrlenW.KERNEL32(00000000,00569E8C), ref: 0046C121
                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C16B
                                                                                        • GetLastError.KERNEL32(?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C17D
                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080), ref: 0046C19E
                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,00000000,00000000,00000000,00000080,00000000,0000007C,00000080,?,00000000,00000000,00000000), ref: 0046C1DC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 3322701435-0
                                                                                        APIs
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005), ref: 00405E22
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,00000004,00000004,00000005), ref: 00405E2F
                                                                                          • Part of subcall function 004052F0: cvSet.CXCORE099(?,?,?,?,?,?,00000000,?,00401783), ref: 0040530E
                                                                                        • cvGEMM.CXCORE099(00000000,?), ref: 00405E67
                                                                                        • cvCopy.CXCORE099(00000000,00000000,00000000,00000000,?), ref: 00405E70
                                                                                        • cvScaleAdd.CXCORE099(00000000), ref: 00405EC9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Create$CopyScale
                                                                                        • String ID:
                                                                                        • API String ID: 461463502-0
                                                                                        APIs
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C38
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C45
                                                                                        • SetEvent.KERNEL32(0000000A,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C60
                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?), ref: 00520C6C
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,004BA32E,00000000,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00520C76
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$Leave$EnterEventObjectSingleWait
                                                                                        • String ID:
                                                                                        • API String ID: 2480823239-0
                                                                                        APIs
                                                                                        • ?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ.MSVCP80(00000000,00000000,?,0047AE1E), ref: 0048B46C
                                                                                        • ?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z.MSVCP80(?,?,0047AE1E), ref: 0048B47E
                                                                                        • ?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ.MSVCP80(?,0047AE1E), ref: 0048B487
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0047AE1E), ref: 0048B497
                                                                                        • ?at@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z.MSVCP80(00000000,?,0047AE1E), ref: 0048B4A7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$?at@?$basic_string@_?empty@?$basic_string@_?resize@?$basic_string@_?size@?$basic_string@D@2@@std@@D@std@@Myptr@?$basic_string@_U?$char_traits@V?$allocator@
                                                                                        • String ID:
                                                                                        • API String ID: 4057328569-0
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0042C9E5
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0042C9F7
                                                                                          • Part of subcall function 0042F960: _invalid_parameter_noinfo.MSVCR80(-0000003E,?,004AB3E0,00000000,0000000A,00000001,D8A7CFFC,000000FF,?,004AB79D), ref: 0042F974
                                                                                          • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E198
                                                                                          • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E1D1
                                                                                          • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E203
                                                                                          • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E23C
                                                                                          • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E258
                                                                                          • Part of subcall function 0042E150: GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000400), ref: 0042E295
                                                                                          • Part of subcall function 0042E150: _DebugHeapAllocator.LIBCPMTD ref: 0042E2A5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$DateFormat_invalid_parameter_noinfo
                                                                                        • String ID: www.manycam.com$www.manycam.com
                                                                                        • API String ID: 553431348-1145362033
                                                                                        APIs
                                                                                          • Part of subcall function 00416740: _DebugHeapAllocator.LIBCPMTD ref: 00416795
                                                                                          • Part of subcall function 00474150: _DebugHeapAllocator.LIBCPMTD ref: 00474184
                                                                                        • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734D8
                                                                                        • Concurrency::details::ContextBase::GetWorkQueueIdentity.LIBCMTD ref: 004734ED
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorBase::Concurrency::details::ContextDebugHeapIdentityQueueWork
                                                                                        • String ID: Success.$Unspecified error.
                                                                                        • API String ID: 1131629171-706436185
                                                                                        • Opcode ID: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
                                                                                        • Instruction ID: bc827c14786d1c61271ce0a8054c91633283c620aa6f54ee5145cccaa2d137c5
                                                                                        • Opcode Fuzzy Hash: b3f4d17c8da6cdcfc0b6d0ff55324c749d524ae8afab65f8b4ff8dddb847087a
                                                                                        • Instruction Fuzzy Hash: BA417071801148EECB04EBD5D956BEEBBB4EF14308F10815EE416771D1EB782B08CBA6
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • _Smanip.LIBCPMTD ref: 004B1372
                                                                                          • Part of subcall function 00520530: memset.MSVCR80 ref: 00520538
                                                                                        • _Smanip.LIBCPMTD ref: 004B1421
                                                                                          • Part of subcall function 005204F0: CoTaskMemFree.OLE32(?,?,004B1A46,000000FF,000000FF,?,?,?,?,D8A7CFFC), ref: 005204FD
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Smanipclock$AllocatorDebugFreeHeapTaskmemset
                                                                                        • String ID: CGraphMgr::GetCameraResolution$vids
                                                                                        • API String ID: 3774843521-3834299117
                                                                                        • Opcode ID: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
                                                                                        • Instruction ID: e56a76c056f848615ba6731e9865e0c3898b4e488a6d99c30ba1f2ebbdeffdb9
                                                                                        • Opcode Fuzzy Hash: 57f87322dc0667cbc6c92d53d1968dbb6fd63cc6e5eefb218d5141586365d371
                                                                                        • Instruction Fuzzy Hash: 45411A70900209DFCB14DF95D991BDEBBB4BF48304F50819EE509AB392DB34AA45CFA4
                                                                                        APIs
                                                                                        • SendMessageW.USER32(00000000,?,0000004E,00000000), ref: 004181E3
                                                                                        • SendMessageW.USER32(00000000,?,00000111), ref: 00418234
                                                                                          • Part of subcall function 004182A0: GetDlgCtrlID.USER32(?), ref: 004182AD
                                                                                          • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$CtrlParent
                                                                                        • String ID: open
                                                                                        • API String ID: 1383977212-2758837156
                                                                                        • Opcode ID: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                                        • Instruction ID: c0f4561a2c49f87f87505e6ad243b5dafbf5b9024aec12e38c733bc4d86155cd
                                                                                        • Opcode Fuzzy Hash: 01cc08d3ab3f4a93a3031a1c368f21ad3e1f66622c4ad21caec5fa85ffc382d2
                                                                                        • Instruction Fuzzy Hash: FD313E70A042599FEF08DBA5DC51BFEBBB5BF48304F14415DE506B73C2CA38A9418B69
                                                                                        APIs
                                                                                          • Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0040D74B
                                                                                          • Part of subcall function 004167C0: _DebugHeapAllocator.LIBCPMTD ref: 004167CE
                                                                                          • Part of subcall function 0040E970: GetWindowRect.USER32(?,?), ref: 0040E981
                                                                                        • MoveWindow.USER32(00000064,00000000,00000000,?,?,00000000,?,0053D874,00000000,?,00000499), ref: 0040D7C2
                                                                                          • Part of subcall function 0040E950: SendMessageW.USER32(00000000,00000445,?,0040D7DD), ref: 0040E963
                                                                                          • Part of subcall function 0040EFF0: SendMessageW.USER32(?,000000C5,00000000,00000000), ref: 0040F008
                                                                                          • Part of subcall function 0040E990: SetFocus.USER32(?,?,?,00434E57,?,00000000,?), ref: 0040E99D
                                                                                          • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                          • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                                          • Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
                                                                                          • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                          • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$AllocatorDebugHeapMessageParentRectSend$FocusInfoItemLongMoveParametersSystem
                                                                                        • String ID: d$d
                                                                                        • API String ID: 3921613472-195624457
                                                                                        • Opcode ID: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
                                                                                        • Instruction ID: 3ca6db3b2f9967b65cd4f0e061b2cad756e61815fc9b19dab2999dc164d22b62
                                                                                        • Opcode Fuzzy Hash: be6d5f90de31245e1e353859d4c1b30396a498e5700c83b75fcdaf14fb3ee6aa
                                                                                        • Instruction Fuzzy Hash: F3312D71A01109AFDB04DFEDD995FAEB7B6AF48308F14455CF202B72C1CA74AA10CB68
                                                                                        Strings
                                                                                        • Error, xrefs: 0041D74C
                                                                                        • Error opening properties for this camera., xrefs: 0041D751
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Error$Error opening properties for this camera.
                                                                                        • API String ID: 0-2118436274
                                                                                        • Opcode ID: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
                                                                                        • Instruction ID: 147417b0d663a9565f7becfaf8392b6f7256af2672039c8dcafe371fef67c71d
                                                                                        • Opcode Fuzzy Hash: 19554b0057f9a520c76bc3dad455c1dc10b7e99a60b9304a2b7680d00d384350
                                                                                        • Instruction Fuzzy Hash: 1B212CB0D00208EFDB04EFA5DD92BEEBBB4EB04718F10052EE416A72D1DB786945DB95
                                                                                        APIs
                                                                                          • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                          • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                        • clock.MSVCR80 ref: 00438AA7
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeapclockfflushfwprintf
                                                                                        • String ID: >>> Entering: %s$ob@
                                                                                        • API String ID: 1338021872-1849792878
                                                                                        • Opcode ID: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                                        • Instruction ID: e5c4b020fe9bb3bd421ac8dd4bd2dede87d7f0cb66a8b34f549f2a89e30843bb
                                                                                        • Opcode Fuzzy Hash: 096be4365fe6ecaff6f57c3d342fa79fd521a6c5a1afd4c32245b02c1f24962e
                                                                                        • Instruction Fuzzy Hash: 9D216075900209AFDB04EF94C942AEEBB74FF44718F10852DF816A73C1DB746A04CBA5
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvNextTreeNode,NULL iterator pointer,.\cxdatastructs.cpp,00000F46), ref: 016C7112
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus
                                                                                        • String ID: .\cxdatastructs.cpp$NULL iterator pointer$cvNextTreeNode
                                                                                        • API String ID: 1596131371-2656122608
                                                                                        • Opcode ID: 69f8b7eb8e85f120ff7e4f9b622d95ea2caac80deb315dfc1f591c98979a472a
                                                                                        • Instruction ID: 33eea2ea19529f7a1d862b1cfc6b4b0dd480ece80747eb082f7c8562e6e41908
                                                                                        • Opcode Fuzzy Hash: 69f8b7eb8e85f120ff7e4f9b622d95ea2caac80deb315dfc1f591c98979a472a
                                                                                        • Instruction Fuzzy Hash: 5E1194767083018FDB29CE1EF850666F7E6EBC0B25B18896ED14987741C372A486CF50
                                                                                        APIs
                                                                                        • cvError.CXCORE099(FFFFFF33,cvInitArrayOp,Depth is not the same for all arrays,.\cxarray.cpp,00000224), ref: 0169F271
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error
                                                                                        • String ID: .\cxarray.cpp$Depth is not the same for all arrays$cvInitArrayOp
                                                                                        • API String ID: 2619118453-2455988125
                                                                                        • Opcode ID: 64c8b2b8588207543445f150eb84bfa5a029cbb065c893efd5a48df910cc5826
                                                                                        • Instruction ID: d3fc2adb630ad6cc44c9fef80884bf47e264af317aec2d755fc766bcb74d7a3c
                                                                                        • Opcode Fuzzy Hash: 64c8b2b8588207543445f150eb84bfa5a029cbb065c893efd5a48df910cc5826
                                                                                        • Instruction Fuzzy Hash: 291122323042029BDF51DE5CCD80B29BFAAEB81215F4B05D9EA10DB75AC370E842CB81
                                                                                        APIs
                                                                                        • cvNextNArraySlice.CXCORE099(?), ref: 01722106
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvNorm,0174124F,.\cxnorm.cpp,000004BC), ref: 01722153
                                                                                        • cvErrorFromIppStatus.CXCORE099(00000000,cvNorm,OpenCV function failed,.\cxnorm.cpp,000004B0), ref: 0172217B
                                                                                        • cvError.CXCORE099(00000000), ref: 01722184
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$ArrayFromNextSliceStatus
                                                                                        • String ID: .\cxnorm.cpp$cvNorm
                                                                                        • API String ID: 1688085075-318670674
                                                                                        • Opcode ID: 89b9f6916788a708246ba06f731d4fc48db8584773d0b9c0620f00b94463435e
                                                                                        • Instruction ID: 56c0a2be5d0adcfcae8dda26c81ab8f8566df2402e5b6ea11f8ee4b1be3863dd
                                                                                        • Opcode Fuzzy Hash: 89b9f6916788a708246ba06f731d4fc48db8584773d0b9c0620f00b94463435e
                                                                                        • Instruction Fuzzy Hash: 9A0124B26083269BD7209E19EC40B2BF7E4FBC5714F004A1CFA8453156D332E965CB86
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Statussprintfstrtol
                                                                                        • String ID: %df%s
                                                                                        • API String ID: 4031473813-383938766
                                                                                        • Opcode ID: 846c6d77e3ae2876d4658778b10022355176af4524438fb873fe8d31335d6305
                                                                                        • Instruction ID: 4ec5b3bca77f7459c93bcc7fbe6895a6c6049a2de92b5f80c66d5d86af06906c
                                                                                        • Opcode Fuzzy Hash: 846c6d77e3ae2876d4658778b10022355176af4524438fb873fe8d31335d6305
                                                                                        • Instruction Fuzzy Hash: 660149715043506FD738DF18CD46BABF7A69FD6300F54C90DFA958A185D730A4428B53
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvSetMemoryManager,Either both pointers should be NULL or none of them,.\cxalloc.cpp,00000057), ref: 0169114E
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        Strings
                                                                                        • Either both pointers should be NULL or none of them, xrefs: 01691142
                                                                                        • cvSetMemoryManager, xrefs: 01691147
                                                                                        • .\cxalloc.cpp, xrefs: 0169113D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus
                                                                                        • String ID: .\cxalloc.cpp$Either both pointers should be NULL or none of them$cvSetMemoryManager
                                                                                        • API String ID: 1596131371-4148291665
                                                                                        • Opcode ID: 2e92ce60830cdef9579687b15e5c6969857eb9e987729ac37709ec85ddd7ca40
                                                                                        • Instruction ID: 9a767aae2ee6f464716940cab947bb03bc5156ff51af49e5cceb622a99ac8c7c
                                                                                        • Opcode Fuzzy Hash: 2e92ce60830cdef9579687b15e5c6969857eb9e987729ac37709ec85ddd7ca40
                                                                                        • Instruction Fuzzy Hash: 21F0BEF1B087226B9B209F29BC15A033798AB569B1B16C15EE912E7399E37184408781
                                                                                        APIs
                                                                                        • cvError.CXCORE099(FFFFFF2D,icvInitTreeNodeIterator,0174124F,.\cxdatastructs.cpp,00000F2F), ref: 016C70B1
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        • cvError.CXCORE099(000000E5,icvInitTreeNodeIterator,0174124F,.\cxdatastructs.cpp,00000F2C), ref: 016C70DD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$Status
                                                                                        • String ID: .\cxdatastructs.cpp$icvInitTreeNodeIterator
                                                                                        • API String ID: 483703942-1516140079
                                                                                        • Opcode ID: e9dddb5a5bbd615e1a5586cefd3ca73789ea9c82f5fadcf0e140fa11b4be4083
                                                                                        • Instruction ID: 035004c846be11f07103f059a24b6f53b49f4344f3a8b600f5b8544c905af874
                                                                                        • Opcode Fuzzy Hash: e9dddb5a5bbd615e1a5586cefd3ca73789ea9c82f5fadcf0e140fa11b4be4083
                                                                                        • Instruction Fuzzy Hash: 1FF0A7F478434327DB046B1BDC22E16BA92EFA0D05F49857CB415972A2D770E000D621
                                                                                        APIs
                                                                                        • cvError.CXCORE099(FFFFFF2B,CvMatrix::show,CvMatrix::show method requires HighGUI.Link it to your program and call any function from it,.\cximage.cpp,0000018A), ref: 016D7469
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        Strings
                                                                                        • CvMatrix::show, xrefs: 016D745F
                                                                                        • CvMatrix::show method requires HighGUI.Link it to your program and call any function from it, xrefs: 016D745A
                                                                                        • .\cximage.cpp, xrefs: 016D7455
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus
                                                                                        • String ID: .\cximage.cpp$CvMatrix::show$CvMatrix::show method requires HighGUI.Link it to your program and call any function from it
                                                                                        • API String ID: 1596131371-862777670
                                                                                        • Opcode ID: 7e0a37a38f89fc27b4570902bcf269c97007df54271186854c19637ecf670462
                                                                                        • Instruction ID: 9f2062036ea7d92494589e6650640d16c258c2b1c95cdadf8468118a950032b5
                                                                                        • Opcode Fuzzy Hash: 7e0a37a38f89fc27b4570902bcf269c97007df54271186854c19637ecf670462
                                                                                        • Instruction Fuzzy Hash: 12D0C2F5F8020023E905A5299C12E1676482B30B28B40812CFA01D22A0D760901082AA
                                                                                        APIs
                                                                                        • GetFocus.USER32 ref: 004186F4
                                                                                          • Part of subcall function 00408360: lstrlenW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004083C6
                                                                                          • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000003,<A>,00000003), ref: 00408424
                                                                                          • Part of subcall function 00408360: CompareStringW.KERNEL32(00000400,00000001,?,00000004,</A>,00000004), ref: 00408474
                                                                                          • Part of subcall function 004078E0: GetClientRect.USER32(?,00000000), ref: 004078F1
                                                                                          • Part of subcall function 00418A60: SetBkMode.GDI32(?,00000001), ref: 00418A71
                                                                                          • Part of subcall function 00418A40: SelectObject.GDI32(?,?), ref: 00418A51
                                                                                        • GetSysColor.USER32(00000011), ref: 004184AA
                                                                                          • Part of subcall function 00418810: DeleteDC.GDI32(00000000), ref: 00418824
                                                                                        • GetFocus.USER32 ref: 0041858A
                                                                                          • Part of subcall function 00418AF0: DrawTextW.USER32(00000000,?,00000000,?,000000FF), ref: 00418B0D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: CompareFocusString$ClientColorDeleteDrawModeObjectRectSelectTextlstrlen
                                                                                        • String ID:
                                                                                        • API String ID: 1926319676-0
                                                                                        • Opcode ID: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
                                                                                        • Instruction ID: 8fd3581a3690b51667abaed722c69e7692ca1fee28cda492897b23429118541a
                                                                                        • Opcode Fuzzy Hash: 26e55d2ddd3d839f70efe0ddea58adb9d72dd7b4482a26fa95ec74e06393aeaf
                                                                                        • Instruction Fuzzy Hash: DCD1FA719002089FDB08DF95C891AEEBBB5FF48344F14811EE5166B392DF39A985CF94
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Isqrt
                                                                                        • String ID:
                                                                                        • API String ID: 4112084577-0
                                                                                        • Opcode ID: c89726a4bd9c83c33552bfea9e137e5f278b6858284cf159c315ed5342d0bcc8
                                                                                        • Instruction ID: 16e77fb81f9dd9ec95f779f1303907632abd5f43459b1b4e75567518d8a2af2e
                                                                                        • Opcode Fuzzy Hash: c89726a4bd9c83c33552bfea9e137e5f278b6858284cf159c315ed5342d0bcc8
                                                                                        • Instruction Fuzzy Hash: 8AA193F2E08705A78317BE50D565299BBE0EB447E0F754C48D4DAA11BEFE3289748EC1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0ae3a60d75bdf5cfdf41a42cf612f876b542a3b6f34ebf8e21bf45ef07f3f7bc
                                                                                        • Instruction ID: 7fec9a741a3bc125ddda530af903f0de7c45d7f5432da432fca43e29eb7d1257
                                                                                        • Opcode Fuzzy Hash: 0ae3a60d75bdf5cfdf41a42cf612f876b542a3b6f34ebf8e21bf45ef07f3f7bc
                                                                                        • Instruction Fuzzy Hash: 0A91777190C341CBC3A2AF55C14028AF7F0FBC4360F618E6EE9C5922A5E7798945CF82
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0047326B
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004732C6
                                                                                          • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00473373
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004733BF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap
                                                                                        • String ID:
                                                                                        • API String ID: 571936431-0
                                                                                        • Opcode ID: 8d22956a6eca960c08d3dff8719a7386b74edfd0f08a11446174f923434c786a
                                                                                        • Instruction ID: ba553dcd13a5858e603f1fb76aea40c35e3a739926aa5d8f94fbf40c4e6c359d
                                                                                        • Opcode Fuzzy Hash: 8d22956a6eca960c08d3dff8719a7386b74edfd0f08a11446174f923434c786a
                                                                                        • Instruction Fuzzy Hash: 38716C71D04248EFCB08EFA5C891BEEBBB1AF44304F10856EE416BB2D1DB385A05CB94
                                                                                        APIs
                                                                                        • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437873
                                                                                          • Part of subcall function 004DB530: _DebugHeapAllocator.LIBCPMTD ref: 004DB54A
                                                                                        • Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 00437893
                                                                                        • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437911
                                                                                        • Concurrency::task_options::get_scheduler.LIBCPMTD ref: 00437931
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Base::Concurrency::details::Concurrency::task_options::get_schedulerPolicyScheduler$AllocatorDebugHeap
                                                                                        • String ID:
                                                                                        • API String ID: 3769596188-0
                                                                                        • Opcode ID: ae50dedc5bff3189a4c5ee1f5f7d387c5ef5596cba0e4c588fdb73d77bb84b94
                                                                                        • Instruction ID: e04cd424ada27803d4de57edeb00dc09ccd5da108a2e1a4cd45ff0b3344883ed
                                                                                        • Opcode Fuzzy Hash: ae50dedc5bff3189a4c5ee1f5f7d387c5ef5596cba0e4c588fdb73d77bb84b94
                                                                                        • Instruction Fuzzy Hash: 2551C9B1D052089BCB08EFD5D851AEEBBB5EF48304F10816EE415AB391DB386905CB95
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 005128FB
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0051292B
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00512953
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0051297B
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB139
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB155
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB171
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1A3
                                                                                          • Part of subcall function 004CB0F0: _DebugHeapAllocator.LIBCPMTD ref: 004CB1D6
                                                                                          • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E5EC
                                                                                          • Part of subcall function 0050E580: wcscpy.MSVCR80 ref: 0050E623
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$wcscpy
                                                                                        • String ID:
                                                                                        • API String ID: 147117728-0
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DC033
                                                                                          • Part of subcall function 004DBE90: _DebugHeapAllocator.LIBCPMTD ref: 004DBEC9
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DC086
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap
                                                                                        • String ID:
                                                                                        • API String ID: 571936431-0
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DBEC9
                                                                                          • Part of subcall function 004DBD20: Concurrency::details::SchedulerBase::GetPolicy.LIBCMTD ref: 004DBD89
                                                                                        • ??2@YAPAXI@Z.MSVCR80(00000020,00000000,?,D8A7CFFC,?,?,?,?,?,?,00000000,005360A4,000000FF,?,004DC043,?), ref: 004DBF07
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004DBF32
                                                                                        • codecvt.LIBCPMTD ref: 004DBF91
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$??2@Base::Concurrency::details::PolicySchedulercodecvt
                                                                                        • String ID:
                                                                                        • API String ID: 2274784594-0
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004CB6AA
                                                                                          • Part of subcall function 004CDD10: _DebugHeapAllocator.LIBCPMTD ref: 004CDD47
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004CB711
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004CB76F
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 004CB787
                                                                                          • Part of subcall function 0040EDB0: _DebugHeapAllocator.LIBCPMTD ref: 0040EDE7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap
                                                                                        • String ID:
                                                                                        • API String ID: 571936431-0
                                                                                        APIs
                                                                                          • Part of subcall function 0040DB90: EnableWindow.USER32(?,004233F6), ref: 0040DBA1
                                                                                        • memset.MSVCR80 ref: 00423401
                                                                                          • Part of subcall function 00424C20: SendMessageW.USER32(?,00000418,00000000,?), ref: 00424C38
                                                                                        • memset.MSVCR80 ref: 00423472
                                                                                          • Part of subcall function 00424CB0: SendMessageW.USER32(?,00000432,00000000,004234AC), ref: 00424CC8
                                                                                        • GetSysColor.USER32(0000000D), ref: 004234AE
                                                                                          • Part of subcall function 00424C50: SendMessageW.USER32(?,00000413,00000000,00000000), ref: 00424C68
                                                                                        • GetSysColor.USER32(0000000E), ref: 004234C2
                                                                                          • Part of subcall function 00424C80: SendMessageW.USER32(?,00000414,00000000,00000000), ref: 00424C98
                                                                                          • Part of subcall function 00424BF0: SendMessageW.USER32(?,0000041A,00000000,00000000), ref: 00424C08
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$Colormemset$EnableWindow
                                                                                        • String ID:
                                                                                        • API String ID: 3254005938-0
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Iatan$Isqrt
                                                                                        • String ID:
                                                                                        • API String ID: 1025909456-0
                                                                                        APIs
                                                                                        • cvPyrDown.CV099(?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034E8
                                                                                        • cvPyrDown.CV099(?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B,?,?), ref: 004034F7
                                                                                        • cvSobel.CV099(?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007,FFFFFFFE,?,?,?,0040176B), ref: 0040350A
                                                                                        • cvSobel.CV099(?,?,00000000,00000001,00000003,?,?,00000001,00000000,00000003,?,?,00000007,?,?,00000007), ref: 0040351D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: DownSobel
                                                                                        • String ID:
                                                                                        • API String ID: 2091289516-0
                                                                                        APIs
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0050DF91
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0050DFAD
                                                                                          • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4E3
                                                                                          • Part of subcall function 0050E4A0: _DebugHeapAllocator.LIBCPMTD ref: 0050E4FF
                                                                                        • ?Decode@CxImage@@QAE_NPAEKK@Z.CXIMAGECRT(?,?,00000000,?,?,?,?), ref: 0050DFFE
                                                                                        • ??3@YAXPAX@Z.MSVCR80(000000FF,?,?,00000000,?,?,?,?), ref: 0050E00D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap$??3@Decode@Image@@
                                                                                        • String ID:
                                                                                        • API String ID: 2750522454-0
                                                                                        APIs
                                                                                        • GetTopWindow.USER32(?), ref: 0044648F
                                                                                        • GetWindow.USER32(00000000,00000002), ref: 004464A0
                                                                                        • SendMessageW.USER32(00000000,?,?,?), ref: 004464BF
                                                                                        • GetTopWindow.USER32(00000000), ref: 004464CF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                         • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                         • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 1496643700-0
                                                                                        • Opcode ID: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
                                                                                        • Instruction ID: 5599d8aec985cfa69e8589d1268fc08193e69a2bbc754be235a44f600a99598a
                                                                                        • Opcode Fuzzy Hash: 0fc2dd0073c28b6c66ec9f54719fca97d74c0b9b452a9e8b98ab4c061e3703d5
                                                                                        • Instruction Fuzzy Hash: 9411FA75A00208FFDB04DFE8D944EAE77B9AB88300F10855EFA0697390D734AE05DB69
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,D8A7CFFC,00531700,000000FF,?,00495099), ref: 00491B68
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,000000FF,?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,D8A7CFFC,00531700,000000FF,?,00495099), ref: 00491B83
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,D8A7CFFC,00531700,000000FF,?,00495099,?), ref: 00491BA9
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,0048E333,0048B283,00495099,?,0048B283,000000FF,000000FF,00495099,D8A7CFFC,00531700,000000FF,?,00495099,?), ref: 00491BB3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Myptr@?$basic_string@_U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@_invalid_parameter_noinfo
                                                                                        • String ID:
                                                                                        • API String ID: 2188846742-0
                                                                                        • Opcode ID: cf415323ecff6b965b9dcc6927c72044f43967f3e5d630dff8fedc2412618fef
                                                                                        • Instruction ID: 54e63703126b4be510269095b0d1381d719784210473edfb5369c30f1e79e64e
                                                                                        • Opcode Fuzzy Hash: cf415323ecff6b965b9dcc6927c72044f43967f3e5d630dff8fedc2412618fef
                                                                                        • Instruction Fuzzy Hash: 1C11C634A0000ADFCF14DF58C694CADBBB2EF99315B2182A9E9055B361EB34BF45DB84
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Delete$??3@Objectmemset
                                                                                        • String ID:
                                                                                        • API String ID: 2240089121-0
                                                                                        • Opcode ID: f775acb041dbfe5c56a33f25cd465f9aa31629570cacb76639abf9799f9fa6fa
                                                                                        • Instruction ID: 33d3a3a66d25ed9f4d03f09c9153b39c32194220fa2733effb8460e3d87a6c1a
                                                                                        • Opcode Fuzzy Hash: f775acb041dbfe5c56a33f25cd465f9aa31629570cacb76639abf9799f9fa6fa
                                                                                        • Instruction Fuzzy Hash: 55112AB4A00208EFDB44DF94D888B9EBBB1FF84315F548098D9052B391D779EA85CF80
                                                                                        APIs
                                                                                        • memset.MSVCR80 ref: 00422406
                                                                                          • Part of subcall function 004232A0: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004232B6
                                                                                        • wcslen.MSVCR80 ref: 00422427
                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000000), ref: 00422448
                                                                                        • SendMessageW.USER32(?,0000100F,?,00000000), ref: 00422460
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: MessageSend$memsetwcslen
                                                                                        • String ID:
                                                                                        • API String ID: 1629969563-0
                                                                                        • Opcode ID: 27b4e246d41088bd54c352e73dc6f3ec4014a33d544db1ace6c82cc66d73829c
                                                                                        • Instruction ID: fd28faf10420b3e9cf0d4e7cd47fee78e406ddaa3a8982db2d9a389e17546391
                                                                                        • Opcode Fuzzy Hash: 27b4e246d41088bd54c352e73dc6f3ec4014a33d544db1ace6c82cc66d73829c
                                                                                        • Instruction Fuzzy Hash: F901E9B1D00208EBEB14DFD0EC8ABDEBBB5BB58704F044118F601AB391DB75A9058B95
                                                                                        APIs
                                                                                        • cvCreateMat.CXCORE099(00000004,00000004,00000005,00000000,00401253,?,?), ref: 00403347
                                                                                        • cvCreateImage.CXCORE099(?,?,00000008,00000001,00401253,?,?), ref: 00403366
                                                                                        • cvReleaseMat.CXCORE099(000000A4,00401253,?,?), ref: 0040337A
                                                                                        • cvReleaseImage.CXCORE099(000000A0,00401253,?,?), ref: 00403388
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateImageRelease
                                                                                        • String ID:
                                                                                        • API String ID: 3144300847-0
                                                                                        • Opcode ID: ffbb64d3606a58d76dd273cbc426d93207a52b513e33f185116b626fbda38bd7
                                                                                        • Instruction ID: 4452188ac5ececaf9476ffc26b46a09e5286b645042c6e493afe79c57806edd9
                                                                                        • Opcode Fuzzy Hash: ffbb64d3606a58d76dd273cbc426d93207a52b513e33f185116b626fbda38bd7
                                                                                        • Instruction Fuzzy Hash: 9DF0E0B5500312B6E7206F146C4AB9B7B94AF52301F040425FE44652C0FB749991C656
                                                                                        APIs
                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212D9
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 005212E6
                                                                                        • CreateThread.KERNEL32(00000000,00000000,00521280,?,00000000,00000000), ref: 00521303
                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,004BA301,?,?,004B95C5,00000000,00000000,?,000000FF,?,00000000,?,?), ref: 00521311
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: CriticalSection$Leave$CreateEnterThread
                                                                                        • String ID:
                                                                                        • API String ID: 2283434278-0
                                                                                        • Opcode ID: 418f5b227edb57f9a6f757c2f81d22d4be826a1a10dd088fbaa45c80337aa0d5
                                                                                        • Instruction ID: 8814811c4dcae3b6cb02d0e2ce8d72e62d21bf38926ec32fb9567c6bbb799682
                                                                                        • Opcode Fuzzy Hash: 418f5b227edb57f9a6f757c2f81d22d4be826a1a10dd088fbaa45c80337aa0d5
                                                                                        • Instruction Fuzzy Hash: 01F03E72201610AAE3705B55FC08BD77BB8EFD1B62F10051EF106D15D0D7A06445D765
                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(0000004E), ref: 0041E37B
                                                                                        • GetSystemMetrics.USER32(0000004F), ref: 0041E386
                                                                                        • GetSystemMetrics.USER32(0000004C), ref: 0041E391
                                                                                        • GetSystemMetrics.USER32(0000004D), ref: 0041E3A2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: MetricsSystem
                                                                                        • String ID:
                                                                                        • API String ID: 4116985748-0
                                                                                        • Opcode ID: 22b1d73353d5bc3e7bbfce1216fdfc9bbe2c5f0851a8470d3ca0ef857e634515
                                                                                        • Instruction ID: 0309d501508c84c491e30ef2097f10fb6b95fe06418acfa07dbdd42ca1e239de
                                                                                        • Opcode Fuzzy Hash: 22b1d73353d5bc3e7bbfce1216fdfc9bbe2c5f0851a8470d3ca0ef857e634515
                                                                                        • Instruction Fuzzy Hash: 69018078E00209AFE704DF94E8499ACBBB1FF58300F1482AAEE5997781DB702A54DB45
                                                                                        APIs
                                                                                        • cvWriteRawData.CXCORE099(?,?,?,?), ref: 0172B5D3
                                                                                          • Part of subcall function 0172AE90: memset.MSVCR80 ref: 0172AED5
                                                                                          • Part of subcall function 0172AE90: cvError.CXCORE099(?,cvWriteRawData,Invalid pointer to file storage,.\cxpersistence.cpp,00000BF0), ref: 0172B1AB
                                                                                        • cvNextNArraySlice.CXCORE099(?,?,?,?,?), ref: 0172B5DD
                                                                                        • cvEndWriteStruct.CXCORE099(?), ref: 0172B5EA
                                                                                        • cvEndWriteStruct.CXCORE099(?,?), ref: 0172B5F0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Write$Struct$ArrayDataErrorNextSlicememset
                                                                                        • String ID:
                                                                                        • API String ID: 1543503095-0
                                                                                        • Opcode ID: af5ece95be27b20ad03cfa0299e94254165e306a017276fbd6d2d8e69b993fd7
                                                                                        • Instruction ID: 7165e95cb486dc080da065ac29900974c9ff401886e96aeea0f0a5fc10a1707c
                                                                                        • Opcode Fuzzy Hash: af5ece95be27b20ad03cfa0299e94254165e306a017276fbd6d2d8e69b993fd7
                                                                                        • Instruction Fuzzy Hash: 91E092B58047135BD620FB24DC45FBFB3A9AFE5240F40480CE84943106FB34661A8AFB
                                                                                        APIs
                                                                                        • cvWriteRawData.CXCORE099(?,?,?,?), ref: 0172B5D3
                                                                                          • Part of subcall function 0172AE90: memset.MSVCR80 ref: 0172AED5
                                                                                          • Part of subcall function 0172AE90: cvError.CXCORE099(?,cvWriteRawData,Invalid pointer to file storage,.\cxpersistence.cpp,00000BF0), ref: 0172B1AB
                                                                                        • cvNextNArraySlice.CXCORE099(?,?,?,?,?), ref: 0172B5DD
                                                                                        • cvEndWriteStruct.CXCORE099(?), ref: 0172B5EA
                                                                                        • cvEndWriteStruct.CXCORE099(?,?), ref: 0172B5F0
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Write$Struct$ArrayDataErrorNextSlicememset
                                                                                        • String ID:
                                                                                        • API String ID: 1543503095-0
                                                                                        • Opcode ID: 4bc341c9cec1873ae2c9db8b88e9978be35364c7c473551503f63a82d5ef8118
                                                                                        • Instruction ID: 8977414173f5e9df1e69ae345cb37a3afe20edc165d12cd6c053b9a4d5ac7c38
                                                                                        • Opcode Fuzzy Hash: 4bc341c9cec1873ae2c9db8b88e9978be35364c7c473551503f63a82d5ef8118
                                                                                        • Instruction Fuzzy Hash: D6E092B54046231BD610FB249C45EBFB39A6FE4240F40480CE80547106FA34A60646F7
                                                                                        APIs
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,?,00488724,D8A7CFFC,0049A100,D8A7CFF8,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?), ref: 00488737
                                                                                        • ?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IAEPA_WXZ.MSVCP80(?,00488724,D8A7CFFC,0049A100,D8A7CFF8,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?,?,0049A100), ref: 00488742
                                                                                        • ?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z.MSVCP80(00000000,?,?,00488724,D8A7CFFC,0049A100,D8A7CFF8,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488759
                                                                                        • ??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z.MSVCP80(?,?,?,00488724,D8A7CFFC,0049A100,D8A7CFF8,?,00487BE3,0049A0FC,-0000001C,?,0047AE82,?,00000000,?), ref: 00488766
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: U?$char_traits@_V?$allocator@_W@2@@std@@W@std@@$Myptr@?$basic_string@_$??4?$basic_string@_?erase@?$basic_string@_V01@V01@@V12@
                                                                                        • String ID:
                                                                                        • API String ID: 3537912873-0
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 4NC$4NC
                                                                                        • API String ID: 0-1717309502
                                                                                        APIs
                                                                                          • Part of subcall function 0050F800: _DebugHeapAllocator.LIBCPMTD ref: 0050F815
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 0050DCC9
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeap
                                                                                        • String ID: MCE-$_mAnnnYca@aM_
                                                                                        • API String ID: 571936431-899104912
                                                                                        APIs
                                                                                          • Part of subcall function 00438A10: clock.MSVCR80 ref: 00438AA7
                                                                                          • Part of subcall function 00438A10: _DebugHeapAllocator.LIBCPMTD ref: 00438AC5
                                                                                        • OleCreatePropertyFrame.OLEAUT32(?,00000000,00000000,?,00000001,?,00000000,?,00000000,00000000,00000000), ref: 004B335F
                                                                                        • CoTaskMemFree.OLE32(?,?,?,D8A7CFFC), ref: 004B337C
                                                                                          • Part of subcall function 00438AF0: clock.MSVCR80 ref: 00438B1F
                                                                                        Strings
                                                                                        • CGraphMgr::ShowCameraProperties, xrefs: 004B31C1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: clock$AllocatorCreateDebugFrameFreeHeapPropertyTask
                                                                                        • String ID: CGraphMgr::ShowCameraProperties
                                                                                        • API String ID: 2338886374-3071715877
                                                                                        APIs
                                                                                        • CreateDirectoryW.KERNEL32(0050E57A,00000000,D8A7CFFC), ref: 0050DA14
                                                                                        • wcscat.MSVCR80 ref: 0050DA27
                                                                                          • Part of subcall function 00500B70: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(0050DAA4,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500B86
                                                                                          • Part of subcall function 00500BF0: ?fail@ios_base@std@@QBE_NXZ.MSVCP80(?,?,0050DAB6,?,00000000,00000002,00000000,00000020,00000040,00000001), ref: 00500C04
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ?fail@ios_base@std@@$CreateDirectorywcscat
                                                                                        • String ID: zP
                                                                                        • API String ID: 2898546159-257844785
                                                                                        APIs
                                                                                          • Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651
                                                                                          • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A415
                                                                                          • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A437
                                                                                          • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A455
                                                                                          • Part of subcall function 0041A3B0: _DebugHeapAllocator.LIBCPMTD ref: 0041A47D
                                                                                          • Part of subcall function 0041A3B0: ?Load@CxImage@@QAE_NPB_WK@Z.CXIMAGECRT(00000000,00000000,?,00000000,?,0053E990,?,?,?,?,?,\class.xml,?,?,?,data\images\), ref: 0041A530
                                                                                          • Part of subcall function 0041DE10: ??_V@YAXPAX@Z.MSVCR80(0000001F,D8A7CFFC,?,?,?,0000001F,00000001,CameraDlg\btn_properties,00000000,?,000003EB), ref: 0041DE55
                                                                                          • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                                          • Part of subcall function 0041AA40: GetWindowLongW.USER32(?,D8A7CFFC), ref: 0041AA51
                                                                                          • Part of subcall function 0041E880: SetWindowLongW.USER32(D8A7CFFC,00000001,D8A7CFFC), ref: 0041E895
                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,000000B2,00000002,000000EC,00000000,000000EC,0000000A,0000000A,0000002D,00000014,00000001,Apply the selection,button,00000000,D8A7CFFC), ref: 0041E1F1
                                                                                          • Part of subcall function 0041E8B0: MoveWindow.USER32(?,?,00000000,?,00000000,00000001,-00000003,?,0041E25F,?,00000001,?,?), ref: 0041E8E7
                                                                                          • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004E), ref: 0041E37B
                                                                                          • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004F), ref: 0041E386
                                                                                          • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004C), ref: 0041E391
                                                                                          • Part of subcall function 0041E370: GetSystemMetrics.USER32(0000004D), ref: 0041E3A2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$AllocatorDebugHeapMetricsSystem$LongMove$AttributesImage@@ItemLayeredLoad@
                                                                                        • String ID: Apply the selection$button
                                                                                        • API String ID: 70508497-2603280126
                                                                                        APIs
                                                                                        • cvError.CXCORE099(FFFFFF2E,cvPerspectiveProject,0174124F,.\cxmatmul.cpp,00000830), ref: 016E730A
                                                                                        • cvErrorFromIppStatus.CXCORE099(00000000,cvPerspectiveProject,OpenCV function failed,.\cxmatmul.cpp,0000083A), ref: 016E736F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error$FromStatus
                                                                                        • String ID: .\cxmatmul.cpp$cvPerspectiveProject
                                                                                        • API String ID: 2848281142-1276396372
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvSeqElemIdx,0174124F,.\cxdatastructs.cpp,00000243), ref: 016C4242
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error
                                                                                        • String ID: .\cxdatastructs.cpp$cvSeqElemIdx
                                                                                        • API String ID: 2619118453-2925048379
                                                                                        APIs
                                                                                        • GetSystemMetrics.USER32(00000004), ref: 0041EEDD
                                                                                          • Part of subcall function 0040DA70: SetWindowPos.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,0040880B,?,?,0040880B,00000000,00000000,00000000,000001E2,-0000012B), ref: 0040DA95
                                                                                          • Part of subcall function 004065F0: GetParent.USER32(?), ref: 004065FD
                                                                                          • Part of subcall function 00406670: GetParent.USER32 ref: 0040669A
                                                                                          • Part of subcall function 00406670: GetWindowRect.USER32(?,?), ref: 004066C0
                                                                                          • Part of subcall function 00406670: GetWindowLongW.USER32(00000000,000000F0), ref: 004066DD
                                                                                          • Part of subcall function 00406670: SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0040670D
                                                                                          • Part of subcall function 00406640: GetDlgItem.USER32(?,00000000), ref: 00406651
                                                                                          • Part of subcall function 00408120: ??_V@YAXPAX@Z.MSVCR80(?,D8A7CFFC,?,?,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 0040815C
                                                                                          • Part of subcall function 00408120: lstrlenW.KERNEL32(0040641C,?,?,00000000,00000000,00000000,00000000,0040641C,00000000), ref: 00408172
                                                                                          • Part of subcall function 0040DA40: MoveWindow.USER32(000001E2,-0000012B,000001E2,00000000,00000000,00000000,?,?,00408A2E,0000006D,0000002D,00000157,00000017,00000001,00000000,?), ref: 0040DA61
                                                                                        • MoveWindow.USER32(00000000,00000000,00000001,000000E7,0000005F,00000048,00000017,00000001,00000113,00000034,000000C6,00000017,00000001,http://www.manycam.com/codec,00000000,00000211), ref: 0041EF99
                                                                                        Strings
                                                                                        • http://www.manycam.com/codec, xrefs: 0041EF48
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Window$MoveParentSystem$InfoItemLongMetricsParametersRectlstrlen
                                                                                        • String ID: http://www.manycam.com/codec
                                                                                        • API String ID: 3918154117-1165702928
                                                                                        • Opcode ID: 3c772632c4e0218f7060b3e77bd1fd24f4dad1a2c19bf84bf2807e60cca908d2
                                                                                        • Instruction ID: 149f93423e983da9d283a3b54f422c1b69b7f72d1b3e7c1b80e5497dd6e0fc8b
                                                                                        • Opcode Fuzzy Hash: 3c772632c4e0218f7060b3e77bd1fd24f4dad1a2c19bf84bf2807e60cca908d2
                                                                                        • Instruction Fuzzy Hash: 5C110D70B802096BFB18E7A5CC67FBE7225AF44708F00042DB717BA2C2DAB96520865D
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,icvPolyLine,0174124F,.\cxdrawing.cpp,00000673,?,?,?,016CA62F,?,?,?,?,?,?), ref: 016CA212
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: Error
                                                                                        • String ID: .\cxdrawing.cpp$icvPolyLine
                                                                                        • API String ID: 2619118453-3292343506
                                                                                        • Opcode ID: 25961aca7650dbfed7bbc060c66ea7fa2c0452abc64d6f515278ecdf34f2aed1
                                                                                        • Instruction ID: fcd7d93eb6fd63ccd09bd012726b6a43998000b65f778580ddec31933beac331
                                                                                        • Opcode Fuzzy Hash: 25961aca7650dbfed7bbc060c66ea7fa2c0452abc64d6f515278ecdf34f2aed1
                                                                                        • Instruction Fuzzy Hash: 0E11E2B27047146B8714D99EDC50D67F3EBDBC8A24B04812DF509D3315E631FA0686A0
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.MSVCR80(00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000,00000000), ref: 004C4AD1
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,00000000,00533F58,?,?,?,?,?,?,004BCB55,?,00533F58,000000FF,00533F58,004B85D2,00000000), ref: 004C4AEE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: X?S
                                                                                        • API String ID: 3215553584-928156776
                                                                                        • Opcode ID: 300afce18172fda367b1e5a93a3139029df3230341556c5fc4a0edfbb8e029cc
                                                                                        • Instruction ID: 6e252d52473bf057cc5c9ab3544af976a75f27afc912d5b1b1ccf3972680467b
                                                                                        • Opcode Fuzzy Hash: 300afce18172fda367b1e5a93a3139029df3230341556c5fc4a0edfbb8e029cc
                                                                                        • Instruction Fuzzy Hash: 7B214178E00204EFCB44EFA5C6A0E6FBB75AF89315B14819EE4055B311D738EE41CBA8
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6,000000FF), ref: 00490EA1
                                                                                        • _invalid_parameter_noinfo.MSVCR80(00000003,?,0049315F,?,00000000,?,?,0048D60B,000000FF,?,?,00499CB6,?,?,?,00531AE6), ref: 00490EBE
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: _1I
                                                                                        • API String ID: 3215553584-1375489561
                                                                                        • Opcode ID: f8a0f0cd8858169583a3bfb7bac23ac9426c047314b7327a1f008bdd9c0947f0
                                                                                        • Instruction ID: 39ed61a2cd6add22cacd6874f090497504692926125bc87bb284fc13d1f3f6b2
                                                                                        • Opcode Fuzzy Hash: f8a0f0cd8858169583a3bfb7bac23ac9426c047314b7327a1f008bdd9c0947f0
                                                                                        • Instruction Fuzzy Hash: 12213E74A00204EFCF04EFA5C58086EBF76AF89315B1489AEE4459B305CB38EA41CBA4
                                                                                        APIs
                                                                                        • RegQueryValueExW.ADVAPI32(00000040,?,00000000,00000040,?,?,004C7AEB,AppVersion,?,00000040,80000002,SOFTWARE\ManyCam,00020019), ref: 004071CC
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID: zL$zL
                                                                                        • API String ID: 3660427363-3006479296
                                                                                        • Opcode ID: 9f65d8b26e372b6834f41cd3cc3a1fe9bf163b5c16fb74d4df2668fbdcee74fa
                                                                                        • Instruction ID: fe241e5347fe9cda23539dab786d815e97edc30d153e6fd0c4fb1542d65cb657
                                                                                        • Opcode Fuzzy Hash: 9f65d8b26e372b6834f41cd3cc3a1fe9bf163b5c16fb74d4df2668fbdcee74fa
                                                                                        • Instruction Fuzzy Hash: 90211074A04209EBDB18CF99C454BAFB7B1FF84300F1085AEE911AB3D0D778A941CB96
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvPrevTreeNode,0174124F,.\cxdatastructs.cpp,00000F77), ref: 016C71A2
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus
                                                                                        • String ID: .\cxdatastructs.cpp$cvPrevTreeNode
                                                                                        • API String ID: 1596131371-1731343417
                                                                                        • Opcode ID: c4416640652f2a794ed0d5518850934857c0cc3986235d5ee38d59546deda837
                                                                                        • Instruction ID: 59f1c35d0377222721bf53f240ec9c46ed4f53e68fd568449737341236197941
                                                                                        • Opcode Fuzzy Hash: c4416640652f2a794ed0d5518850934857c0cc3986235d5ee38d59546deda837
                                                                                        • Instruction Fuzzy Hash: 74117071B042129B9B19DA0EE850936F7A7FFD4A14329C16DE91997706D732F8028AD0
                                                                                        APIs
                                                                                          • Part of subcall function 004B77A0: fwprintf.MSVCR80 ref: 004B7842
                                                                                          • Part of subcall function 004B77A0: fflush.MSVCR80 ref: 004B7852
                                                                                        • clock.MSVCR80 ref: 00453606
                                                                                        • _DebugHeapAllocator.LIBCPMTD ref: 00453624
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocatorDebugHeapclockfflushfwprintf
                                                                                        • String ID: Entering: %s
                                                                                        • API String ID: 1338021872-1508582857
                                                                                        • Opcode ID: 0a03b20c66a4bdf864266057b93037efe44b4c8f81b8abca9714b6f92b0e190a
                                                                                        • Instruction ID: 630723a52c49dda7b07cbf3efddf69ebd1aec7d1a56bd84d85dfb89b8348d68f
                                                                                        • Opcode Fuzzy Hash: 0a03b20c66a4bdf864266057b93037efe44b4c8f81b8abca9714b6f92b0e190a
                                                                                        • Instruction Fuzzy Hash: CE1130B5904209EFDB04DF98D841AAEB7B4FF48714F00865DF82597381D7746904CBA5
                                                                                        APIs
                                                                                        • cvError.CXCORE099(000000E5,cvFlushSeqWriter,0174124F,.\cxdatastructs.cpp,000003DA), ref: 016C453F
                                                                                          • Part of subcall function 016D6DF0: cvSetErrStatus.CXCORE099(00000000,00000000,?,0169107F,000000FC,cvAlloc,Out of memory,.\cxalloc.cpp,0000006F), ref: 016D6DFD
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: ErrorStatus
                                                                                        • String ID: .\cxdatastructs.cpp$cvFlushSeqWriter
                                                                                        • API String ID: 1596131371-1111835215
                                                                                        • Opcode ID: e5155896b0b050ac85b6ba02876fbb934b6b7de1b9ed288728c5b5260188fcf8
                                                                                        • Instruction ID: 66771f37918142dc3b6ea1eb85b57264da86333ca4a5fc91b53b4eb89b585f8b
                                                                                        • Opcode Fuzzy Hash: e5155896b0b050ac85b6ba02876fbb934b6b7de1b9ed288728c5b5260188fcf8
                                                                                        • Instruction Fuzzy Hash: 2C018FB67002019FC710CF19E9A0966B3E5EB98A24715845DE96A97B41C730FC42CB90
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E29EF
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,?,004E1883,CN,000000FF,?,004E0A43,?,?,000000FF,?), ref: 004E2A25
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: CN
                                                                                        • API String ID: 3215553584-3860229782
                                                                                        • Opcode ID: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                                        • Instruction ID: 055c263bba3631ac84532d8d275a506bca3ff744e03e32cc4505f628b268f32f
                                                                                        • Opcode Fuzzy Hash: 3ded8f196a3c02e06d8d6a8014f10332241c82d37bf5bc7cecde32a8ae69c9c0
                                                                                        • Instruction Fuzzy Hash: 6D110234A00049EFCB14DF45C280DADB7B6FB99305B25C299E8068B315DB31AF46DB84
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C2F
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,?,004129C3,C A,00000000,?,00412043,?,?,00000000,-0000012B,0040F9E0,00000000,?,?,-0000012B), ref: 00412C65
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: C A
                                                                                        • API String ID: 3215553584-432193327
                                                                                        APIs
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CBF
                                                                                        • _invalid_parameter_noinfo.MSVCR80(?,?,004138F3,c7A,00000000,?,00413763,?,?,00000000,?,004136D0,?,?,?,45A), ref: 00413CF5
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                        • String ID: c7A
                                                                                        • API String ID: 3215553584-604798297
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377806422.0000000001691000.00000020.00000001.01000000.00000007.sdmp, Offset: 01690000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377779743.0000000001690000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377886414.0000000001741000.00000002.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377914879.0000000001764000.00000004.00000001.01000000.00000007.sdmp
                                                                                        • Associated: 00000004.00000002.2377939754.0000000001774000.00000002.00000001.01000000.00000007.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_1690000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: memset
                                                                                        • String ID: y%
                                                                                        • API String ID: 2221118986-3780131562
                                                                                        APIs
                                                                                          • Part of subcall function 00454C20: _time64.MSVCR80 ref: 00454C25
                                                                                        • fwprintf.MSVCR80 ref: 004B78B3
                                                                                        • fflush.MSVCR80 ref: 004B78C3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: _time64fflushfwprintf
                                                                                        • String ID: | %x %X |
                                                                                        • API String ID: 804399740-1669508960
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: memmove_s
                                                                                        • String ID: nAA$nAA
                                                                                        • API String ID: 1646303785-1657967095
                                                                                        APIs
                                                                                        • GetProcessHeap.KERNEL32(00000000,0000000D,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000), ref: 0052318D
                                                                                        • HeapAlloc.KERNEL32(00000000,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A,00000000,00000000), ref: 00523194
                                                                                          • Part of subcall function 0052309D: IsProcessorFeaturePresent.KERNEL32(0000000C,?,0052317B,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?,0000040A), ref: 005230A0
                                                                                        • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231B6
                                                                                        • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,004086D8,?,00408648,0000000D,0040858E,00000000,?,?,00406405,0000040A,?), ref: 005231E3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000004.00000002.2377180331.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                        • Associated: 00000004.00000002.2377155137.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377310419.000000000053B000.00000002.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377371622.0000000000595000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377392845.000000000059B000.00000004.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377425482.000000000059C000.00000008.00000001.01000000.00000003.sdmp
                                                                                        • Associated: 00000004.00000002.2377447633.00000000005A4000.00000002.00000001.01000000.00000003.sdmp
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_4_2_400000_ManyCam.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocHeapVirtual$FeatureFreePresentProcessProcessor
                                                                                        • String ID:
                                                                                        • API String ID: 4058086966-0